Dropbear is a small SSH server and client that supports multi-hop mode and permits TCP forwarding to tunnel through several hosts in a single command. It is compatible with OpenSSH and can be. Dropbear is a small SSH server used in Linux distributions. It is open source software. Dropbear runs entirely on the SSH version 2 protocol; it does not support SSH version 1. Dropbear is an advanced version of OpenSSH that uses little memory and few processor resources. Dropbear SSH servers are relatively lightweight for clients and run on various POSIX-based platforms. Generally, OpenSSH and Dropbear use the same SSH data encryption protocol, but Dropbear is safer than OpenSSH because Dropbear can include compatibility with OpenSSH.
Description
The client-side API allows an eCos application to establish a secure connection to a remote ssh server and run commands on the remote machine. This requires that the application authenticate itself as a valid user on that system. Once the remote command is running the eCos application can interact with its stdin/stdout/stderr stream over sockets.
The client-side code has only been tested against openssh running on a Linux server. Interoperability with other ssh implementations cannot be guaranteed.
Application developers should be aware that establishing an ssh connection is a complicated business. Even if the eCos application is working correctly there are many things completely outside its control that could go wrong and prevent a secure connection from being established. Some of these are: firewalls intercepting and discarding packets to the ssh server; TCP wrappers intercepting and rejecting requests before they even reach the ssh server, courtesy of settings in the /etc/hosts.allow and /etc/hosts.deny files; ssh server settings in /etc/ssh/sshd_config which are incompatible with the application's requirements; problems with the user account specified by the application; or problems with the ssh keys in the account's ~/.ssh/authorized_keys2 file. It is recommended that when experiencing connectivity problems from an eCos application the developer first checks the server's setup, for example by using ssh or dbclient commands on a suitable Linux box on the same network as the eCos system and specifying the same account and keys.
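The server-side causes listed above can be checked on the Linux host before debugging the eCos side. The script below is an added example, not part of the eCos or Dropbear documentation; the function names, the `ecos` account, the sample tree and the keys in it are constructed for illustration.

```shell
#!/bin/sh
# Added example, not eCos or Dropbear code. Simplified: ignores Match/Include
# in sshd_config and comma-separated daemon lists in the tcp wrappers files.

# Print the effective value of KEY in an sshd_config file (first match wins).
sshd_setting() {  # args: file key
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Succeed if hosts.deny names sshd or ALL and hosts.allow has no sshd rule.
wrappers_block_sshd() {  # args: hosts.allow hosts.deny
    grep -Eqi '^[[:space:]]*(sshd|ALL)[[:space:]]*:' "$2" 2>/dev/null || return 1
    ! grep -Eqi '^[[:space:]]*sshd[[:space:]]*:' "$1" 2>/dev/null
}

# Report problems with an authorized keys file for a given public key file.
check_authorized_keys() {  # args: authorized_keys_file public_key_file
    [ -f "$1" ] || { echo "missing: $1"; return 0; }
    blob=$(awk '{ print $2; exit }' "$2")  # base64 key body, without type/comment
    grep -qF -- "$blob" "$1" || echo "key not listed in $1"
    # sshd's StrictModes rejects key files writable by group or others
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \))" ] || echo "unsafe mode on $1"
}

# Run every check against the files under ROOT for the account in HOME_DIR.
diagnose() {  # args: root home_dir public_key_file
    [ "$(sshd_setting "$1/etc/ssh/sshd_config" PubkeyAuthentication)" = no ] &&
        echo "sshd_config: PubkeyAuthentication is off"
    wrappers_block_sshd "$1/etc/hosts.allow" "$1/etc/hosts.deny" &&
        echo "tcp wrappers: sshd denied"
    check_authorized_keys "$2/.ssh/authorized_keys2" "$3"
}

# Constructed sample tree; every name and key in it is made up.
make_sample() {  # arg: directory to populate
    mkdir -p "$1/etc/ssh" "$1/home/ecos/.ssh"
    printf '#PubkeyAuthentication yes\nPubkeyAuthentication no\n' > "$1/etc/ssh/sshd_config"
    printf 'sshd: ALL\n' > "$1/etc/hosts.deny"
    : > "$1/etc/hosts.allow"
    echo 'ssh-rsa AAAAconstructedKEY ecos@target' > "$1/client.pub"
    echo 'ssh-rsa AAAAotherKEY someone@else' > "$1/home/ecos/.ssh/authorized_keys2"
    chmod 664 "$1/home/ecos/.ssh/authorized_keys2"
}

# Demo: build the sample in a temporary directory and list what is wrong with it.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
diagnose "$demo_dir" "$demo_dir/home/ecos" "$demo_dir/client.pub"
rm -rf "$demo_dir"
```

On a real server, call `diagnose / /home/ACCOUNT /path/to/key.pub` with the account and public key the eCos application uses.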
Application developers should also be aware that allowing remote systems running eCos to access an ssh server has security implications. For example, if plain-text passwords are used and an attacker has physical access to a remote system, that attacker could use technology like JTAG to examine the contents of the flash memory and search for the password. It is the developers' responsibility to understand the security issues associated with ssh technology and decide whether or not the risks are acceptable.