janmojzis / tinyssh Goto Github PK

View Code? Open in Web Editor NEW

1.4K 1.4K 71.0 1.65 MB

TinySSH is small server (less than 100000 words of code)

License: Creative Commons Zero v1.0 Universal

Makefile 0.04% C 93.55% Python 1.91% Shell 4.50%

tinyssh's People

Contributors

Stargazers

Watchers

tinyssh's Issues

Repo URL

Please set http://tinyssh.org/ as repo URL.
There is an Edit link beside: TinySSH is small server (less than 100000 words of code)

ControlMaster triggers BUG: (protocol error){channel.c:57}

Initially reported (by me) downstream: https://bugs.debian.org/995146
Forwarding here because I reproduced it with 20210601 much quicker than I expected.
See the attached transcript for the exact openssh CLI options I used.
transcript.txt

sshfs, tinyssh

current arhclinux, gives me this on a sshfs attempt.. not sure if bug or just a lacking feature?

tinysshd: cVG3YoxN: BUG: (protocol error){channel.c:214}
Not sure about the activity of project but you are a great dev mate!!

I HOPE what seems as a slowdown of activity is simply because of a fairly complete package ,)

love from EUrope to .cz.
Ok, so that line indicates the channel pid is negative in channel_put.

Ignore error above; I didn't have sftp enabled in the tinysshd server. However, once I did, and can sftp in, I still get an error from tinyssh when trying sshfs:

tinysshd: eSIpVRao: BUG: (connection reset){packet_auth.c:57}

l57:
if (!packet_getall(b, SSH_MSG_USERAUTH_REQUEST)) bug();
SO some exchange issue, maybe I can browse some more tomorrow when I have more time. Although I don't recall if this is sshfs compatible (man sshfs saisi t used sftp which is why I realise the former mistake).

Developement status?

Hi there,

Development seems completely stalled. Is there anything happening?

Regards.

fatal: unknown message type {tinysshd.c:303} - KEEPALIVE not implemented

SSHv2 keepalive packets cause the connection to be reset intinysshd.c

(I was using ServerAliveInterval 60 in my ~/.ssh/config)

daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: kex selected: [email protected] {sshcrypto_kex.c:106}
daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: key selected: ssh-ed25519 {sshcrypto_key.c:122}
daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: cipher selected: [email protected] {sshcrypto_cipher.c:110}
daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: mac selected: [email protected] {sshcrypto_cipher.c:111}
daemon.info: Jul 18 20:05:10 tinysshd: M2lhPXOB: info: auth: stuart: none rejected {packet_auth.c:144}
daemon.info: Jul 18 20:05:10 tinysshd: M2lhPXOB: info: auth: stuart: ssh-rsa rejected {packet_auth.c:144}
daemon.info: Jul 18 20:05:17 tinysshd: M2lhPXOB: info: auth: stuart: ssh-ed25519 accepted {packet_auth.c:158}
daemon.info: Jul 18 20:06:25 tinysshd: M2lhPXOB: fatal: unknown message type (temporary failure){tinysshd.c:303}
daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: kex selected: [email protected] {sshcrypto_kex.c:106}
daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: key selected: ssh-ed25519 {sshcrypto_key.c:122}
daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: cipher selected: [email protected] {sshcrypto_cipher.c:110}
daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: mac selected: [email protected] {sshcrypto_cipher.c:111}
daemon.info: Jul 18 20:08:28 tinysshd: 5wbjLsha: info: auth: stuart: none rejected {packet_auth.c:144}
daemon.info: Jul 18 20:08:28 tinysshd: 5wbjLsha: info: auth: stuart: ssh-rsa rejected {packet_auth.c:144}
daemon.info: Jul 18 20:08:35 tinysshd: 5wbjLsha: info: auth: stuart: ssh-ed25519 accepted {packet_auth.c:158}
daemon.info: Jul 18 20:09:36 tinysshd: 5wbjLsha: fatal: unknown message type {tinysshd.c:303}

`sniffing the interface shows the SSHv2 packet that causes the reset:

No.     Time        Source                Destination           Protocol Length Info
    126 80.903015   LAN.IP            VPN.IP          TCP      54     22→61681 [FIN, ACK] Seq=1572 Ack=3961 Win=45664 Len=0

Frame 126: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1572, Ack: 3961, Len: 0

No.     Time        Source                Destination           Protocol Length Info
    127 80.928609   VPN.IP          LAN.IP            TCP      54     61681→22 [ACK] Seq=3961 Ack=1573 Win=59904 Len=0

Frame 127: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 3961, Ack: 1573, Len: 0

No.     Time        Source                Destination           Protocol Length Info
    128 80.929648   VPN.IP          LAN.IP            SSHv2    114    Client: Encrypted packet (len=60)

Frame 128: 114 bytes on wire (912 bits), 114 bytes captured (912 bits)
Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 3961, Ack: 1573, Len: 60
SSH Protocol

No.     Time        Source                Destination           Protocol Length Info
    129 80.929665   LAN.IP            VPN.IP          TCP      54     22→61681 [RST] Seq=1573 Win=0 Len=0

Frame 129: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1573, Len: 0

No.     Time        Source                Destination           Protocol Length Info
    130 80.930936   VPN.IP          LAN.IP            TCP      54     61681→22 [FIN, ACK] Seq=4021 Ack=1573 Win=59904 Len=0

Frame 130: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 4021, Ack: 1573, Len: 0

No.     Time        Source                Destination           Protocol Length Info
    131 80.930950   LAN.IP            VPN.IP          TCP      54     22→61681 [RST] Seq=1573 Win=0 Len=0

Frame 131: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1573, Len: 0

Will ssh_send_keepalive be part of /* XXX TODO - send SSH_MSG_UNIMPLEMENTED */ ?

The automatic log out after 1 hour is nice. I've not had any problem with my build against libsodium.

I've also been testing tinysshd with fwknop & have automatic logins through nat into LXC containers working.

Honor openssh out max packet size

Similar issue for another SSH daemon: paramiko/paramiko#455

client: OpenSSH 8.5_p1-r1+sctp
server: tinyssh 20190101 launched like this:
/usr/bin/tcpserver -HRDl0 0 22 /usr/sbin/tinysshd -l -s -p -x sftp=/usr/lib64/misc/sftp-server /etc/tinyssh/keys

Where to get GPG key to verify your signatures?

Where to find your GPG keys to verify tar and git tag signatures?
I cannot find them on tinyssh web page. But you mention to use them:

$ gpg2 --verify 20230101.tar.gz.asc 20230101.tar.gz
gpg: Signature made Sun 01 Jan 2023 02:35:41 AM MSK
gpg:                using RSA key D008B0C23D8479E46B9FCB9045DA517496939FF9
gpg: Can't check signature: No public key

Key search D008B0C23D8479E46B9FCB9045DA517496939FF9 from keys.openpgp.org gives https://keys.openpgp.org/vks/v1/by-fingerprint/AADF2EDF5529F1702772C8A2DEC4D246931EF49B which is not usable:

$ gpg2 --import AADF2EDF5529F1702772C8A2DEC4D246931EF49B
gpg: key DEC4D246931EF49B: no user ID
gpg: Total number processed: 1

Also, there's no key at https://github.com/janmojzis.gpg

-----BEGIN PGP PUBLIC KEY BLOCK-----
Note: The keys with the following IDs couldn't be exported and need to be reuploaded DEC4D246931EF49B


=twTO
-----END PGP PUBLIC KEY BLOCK-----

Option to allow anonymous SSH sessions

It's been half a year since I implemented an option to allow SSH guest logins for TinySSH. I created a pull request but it has still not received any reviews nor has it been merged.

Is there any reason for delaying this? It would be helpful to have at least a discussion regarding this enhancement. I would prefer not to create my own fork of TinySSH as a long term solution.

Session timeout after 3600 seconds (1 hour)

I've noticed that my ssh sessions timeout after 3600 seconds. I think it's due to alarm(3600) that is set after the ssh session is created and also for some "refresh timeout" that I'm not really sure about what it really is.

The timeout seems to be there for "session rekeying" that should take place every hour. However I can't really find code in tinysshd.c that forces any kind of session rekying serverside, so the client needs to do that?

What's the use for those alarms? Is it really intended for session rekeying and if yes, how should one handle this in combination with OpenSSH on clientside?

OpenSSH_7.3p1 offers no session rekeying after N seconds as far as I can tell. Is it therefore safe to disable those alarms with a patch like this?

--- a/tinyssh/tinysshd.c
+++ b/tinyssh/tinysshd.c
@@ -170,7 +170,7 @@ rekeying:
     }

     /* note: user is authenticated and authorized */
-    alarm(3600);
+    alarm(0);

     /* main loop */
     for (;;) {
@@ -237,7 +237,7 @@ rekeying:

         /* receive data from network */
         if (watch0) {
-            alarm(3600); /* refresh timeout */
+            alarm(0); /* refresh timeout */
             if (!packet_recv()) {
                 if (channel_iseof()) break; /* XXX */
                 die_fatal("unable to receive data from network", 0, 0);

Thank you for your help.

SFTP support via external binary

Given that tinyssh already supports channels in which stdin/stdout are from an external binary (e.g. bash), is there any reason not to add SFTP support? It would require openssh's sftp-server binary, and a bit of code to accept the sftp channel type and run the sftp-server binary as the logged in user, but all of the support code for that is already in place.

Error While Building "emptytest.c"

channel_droptest.c:1:10: error: expected '=', ',', ';', 'asm' or 'attribute' before '.' token
emptytest.c
^
=== Sun Aug 20 13:03:22 DST 2017 === channel_droptest failed ... see the log /mnt/c/Users/*****/Desktop/tinyssh-master/build/log

Systemd services don't work

On arch linux, there are three systemd unit files installed along with tinyssh by default (usr/lib/systemd/system/[email protected], usr/lib/systemd/system/[email protected], and usr/lib/systemd/system/tinysshgenkeys.service, see here). However, the man page (see here) lists two other unit files with very similar but slightly different names. Worse yet, I can't figure out how to get either to work.

If I enable [email protected] and then [email protected] (the two systemctl units that come pre installed with the package), the first one works fine, but then the second one fails. In the systemd logs, it simply says [email protected]: Got no socket. The same thing happens if I run [email protected] and then [email protected] (ie in the other order). It seems that it is creating the socket, but the service isn't actually listening on it correctly for some reason. ss -lx | grep ssh only shows /run/user/0/gnupg/S.gpg-agent.ssh, no socket for ssh. However, I can tell [email protected] is doing something, because nmap identifies port 22 as filtered instead of closed, and ssh-copy-id fails when trying to log in instead of timing out like it would if the port were closed. It just, you know, isn't actually connected to any tinyssh daemon.

What about the unit files described in the man page? Well, glancing quickly over this repo I noticed that the man page is very out of date, but I didn't spot where the unit files in the arch linux package are, so they might be a downstream thing. Anyway, if I add the unit files described in the man page, they also don't work. The error is exactly the same, as long as I remember to stop the other socket.

Finally, just for completeness's sake, if I simply run tinysshd /etc/tinyssh/sshkeydir, it hangs for 1 minute and then kills itself because fatal: closing connection (timed out){main_tinysshd.c:43} I did generate the server keys and make sure that the two systemd sockets were stopped before trying it.

I'm running tinyssh in a qemu virtual machine, and the arch linux version is built with NaCl "/ TweetNaCl"

Agent forwarding

Are there any plans to add support for authentication agent forwarding?

I have a herd of SBCs (perfect for TinySSH) that I sometimes have to access via bastion. Currently the only way to access them would be to put the private key on the bastion, which is less than ideal.

Mandir creation fails

DESTDIR=/tmp/tinyssh-release make -C /tmp/tinyssh-build install
make[1]: Entering directory '/tmp/tinyssh-build'
sh -e make-install.sh /tmp/tinyssh-release
=== Wed Jul 27 14:44:12 UTC 2016 === installing bin directory /tmp/tinyssh-release/usr/bin
=== Wed Jul 27 14:44:13 UTC 2016 ===   installing /tmp/tinyssh-build/build/bin/tinysshd-makekey -> /tmp/tinyssh-release/usr/bin/tinysshd-makekey
=== Wed Jul 27 14:44:13 UTC 2016 ===   installing /tmp/tinyssh-build/build/bin/tinysshd-printkey -> /tmp/tinyssh-release/usr/bin/tinysshd-printkey
=== Wed Jul 27 14:44:13 UTC 2016 ===   installing /tmp/tinyssh-build/build/bin/tinysshd -> /tmp/tinyssh-release/usr/bin/tinysshd
=== Wed Jul 27 14:44:13 UTC 2016 === finishing
=== Wed Jul 27 14:44:13 UTC 2016 === installing man directory /tmp/tinyssh-release/usr/share/man
_tinysshd-install: fatal: unable to stat directory /tmp/tinyssh-release/usr/share/man/man1 (file does not exist)
make[1]: *** [Makefile:6: install] Error 111
make[1]: Leaving directory '/tmp/tinyssh-build'
make: *** [Makefile:30: build] Error 2

It looks like this is because the code creates manfiles directly in ${man}, but the install code expects to find it in man/man$n/. Digging in now to see if I can get a clean patch to fix it

opentest failed (musl libc)

=== Thu May 26 19:42:23 GMT 2016 ===   numtostrtest ok
=== Thu May 26 19:42:23 GMT 2016 ===   opentest failed ... see the log /tmp/tinyssh-master/build/log

build.log:

=== Thu May 26 19:42:23 GMT 2016 ===   newenvtest ok
numtostrtest.c:299:8: warning: integer constant is so large that it is unsigned [enabled by default]
     { -9223372036854775808LL, "-9223372036854775808" },
        ^
numtostrtest.c:299:5: warning: this decimal constant is unsigned only in ISO C90 [enabled by default]
     { -9223372036854775808LL, "-9223372036854775808" },
     ^
=== Thu May 26 19:42:23 GMT 2016 ===   numtostrtest ok
opentest.c:62: process exited with status = 0

Tests fail when run as root

I'm building tinyssh in a Docker container, inside which the builds run as UID 0. It appears that in this condition, the dropuidgid test fails.

Here's it working as a non-root user:

[regular@c2ca8f4e10b3 upstream]$ ./make-tinyssh.sh
=== Wed Oct 19 01:33:56 UTC 2016 === obtaining compiler
=== Wed Oct 19 01:33:56 UTC 2016 ===   cc -O3 -fomit-frame-pointer -funroll-loops ok
=== Wed Oct 19 01:33:56 UTC 2016 === finishing
=== Wed Oct 19 01:33:56 UTC 2016 === checking compiler options
=== Wed Oct 19 01:33:56 UTC 2016 ===   -pedantic ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wall ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wno-long-long ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wno-overlength-strings ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wno-unused-function ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wshadow ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wdeclaration-after-statement ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wwrite-strings ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wmissing-declarations ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wmissing-prototypes ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wstrict-prototypes ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wunused-value ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wunused-parameter ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -Wundef ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -fstack-protector-strong ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -fwrapv ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -fno-strict-overflow ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   cc -O3 -fomit-frame-pointer -funroll-loops -pedantic -Wall -Wno-long-long -Wno-overlength-strings -Wno-unused-function -Wshadow -Wdeclaration-after-statement -Wwrite-strings -Wmissing-declarations -Wmissing-prototypes -Wstrict-prototypes -Wunused-value -Wunused-parameter -Wundef -fstack-protector-strong -fwrapv -fno-strict-overflow
=== Wed Oct 19 01:33:56 UTC 2016 === finishing
=== Wed Oct 19 01:33:56 UTC 2016 === checking libs
=== Wed Oct 19 01:33:56 UTC 2016 ===   -lutil ok
=== Wed Oct 19 01:33:56 UTC 2016 ===   -lsocket -lnsl failed
=== Wed Oct 19 01:33:56 UTC 2016 ===   -lrt ok
=== Wed Oct 19 01:33:56 UTC 2016 === finishing
=== Wed Oct 19 01:33:56 UTC 2016 === checking $LIBS
=== Wed Oct 19 01:33:56 UTC 2016 === finishing
=== Wed Oct 19 01:33:56 UTC 2016 === building sysdep headers
=== Wed Oct 19 01:33:56 UTC 2016 ===   hasasmvolatilememory.h hasasmvolatilememory.h-yes
=== Wed Oct 19 01:33:56 UTC 2016 ===   hasmlock.h hasmlock.h-yes
=== Wed Oct 19 01:33:56 UTC 2016 ===   haslibutilh.h default.h-no
=== Wed Oct 19 01:33:56 UTC 2016 ===   hasutilh.h default.h-no
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasopenpty.h hasopenpty.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   haslogintty.h haslogintty.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmpx.h hasutmpx.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmpxupdwtmpx.h hasutmpxupdwtmpx.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmpxsyslen.h default.h-no
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmp.h hasutmp.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmpname.h hasutmpname.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmpuser.h hasutmpuser.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmphost.h hasutmphost.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmptime.h hasutmptime.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmptv.h hasutmptv.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmppid.h hasutmppid.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmptype.h hasutmptype.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmplogwtmp.h hasutmplogwtmp.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   hasutmploginlogout.h hasutmploginlogout.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 ===   order.h order.h-runtime-little
=== Wed Oct 19 01:33:57 UTC 2016 === finishing
=== Wed Oct 19 01:33:57 UTC 2016 === starting crypto lib
=== Wed Oct 19 01:34:00 UTC 2016 ===   libtinynacl.a ok
=== Wed Oct 19 01:34:00 UTC 2016 === finishing
=== Wed Oct 19 01:34:00 UTC 2016 === starting crypto headers
=== Wed Oct 19 01:34:00 UTC 2016 ===   crypto_stream_chacha20.h (tinynacl\n) ok
=== Wed Oct 19 01:34:00 UTC 2016 ===   crypto_onetimeauth_poly1305.h (tinynacl\n) ok
=== Wed Oct 19 01:34:00 UTC 2016 ===   crypto_auth_hmacsha256.h (tinynacl\n) ok
=== Wed Oct 19 01:34:00 UTC 2016 ===   crypto_hash_sha512.h (tinynacl\n) ok
=== Wed Oct 19 01:34:01 UTC 2016 ===   crypto_hash_sha256.h (tinynacl\n) ok
=== Wed Oct 19 01:34:01 UTC 2016 ===   crypto_verify_16.h (tinynacl\n) ok
=== Wed Oct 19 01:34:01 UTC 2016 ===   crypto_verify_32.h (tinynacl\n) ok
=== Wed Oct 19 01:34:01 UTC 2016 ===   crypto_core_aes256encrypt.h (tinynacl\n) ok
=== Wed Oct 19 01:34:02 UTC 2016 ===   crypto_scalarmult_curve25519.h (tinynacl\n) ok
=== Wed Oct 19 01:34:03 UTC 2016 ===   crypto_scalarmult_nistp256.h (tinynacl\n) ok
=== Wed Oct 19 01:34:04 UTC 2016 ===   crypto_sign_ed25519.h (tinynacl\n) ok
=== Wed Oct 19 01:34:06 UTC 2016 ===   crypto_sign_nistp256ecdsa.h (tinynacl\n) ok
=== Wed Oct 19 01:34:06 UTC 2016 === finishing
=== Wed Oct 19 01:34:06 UTC 2016 === starting tinyssh objects
=== Wed Oct 19 01:34:06 UTC 2016 ===   blocking.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   buf.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   byte.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   channel.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   channel_drop.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   channel_fork.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   channel_forkpty.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   channel_subsystem.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   coe.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   connectioninfo.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   die.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   dropuidgid.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   e.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   env.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   getln.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   global.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   iptostr.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   load.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   log.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   loginshell.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   logsys.o ok
=== Wed Oct 19 01:34:07 UTC 2016 ===   newenv.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   numtostr.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   open.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_auth.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_channel_open.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_channel_recv.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_channel_request.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_channel_send.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_get.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_hello.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_kex.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_kexdh.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packetparser.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_put.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_recv.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_send.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   packet_unimplemented.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   porttostr.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   randommod.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   readall.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   savesync.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   ssh.o ok
=== Wed Oct 19 01:34:08 UTC 2016 ===   sshcrypto.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_cipher.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_cipher_aesctr.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_cipher_aesctr256.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_cipher_chachapoly.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_kex.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_kex_curve25519.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_kex_nistp256.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_key.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_key_ed25519.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   sshcrypto_key_nistp256ecdsa.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   str.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   stringparser.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   subprocess_auth.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   subprocess_sign.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   tinysshd.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   tinysshd-makekey.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   tinysshd-printkey.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   trymlock.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   writeall.o ok
=== Wed Oct 19 01:34:09 UTC 2016 ===   tinysshd-makekey.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   tinysshd-printkey.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   tinysshd.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   _tinysshd-printkex.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   _tinysshd-unauthenticated.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   _tinysshd-install.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   _tinysshd-test-hello1.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   _tinysshd-test-hello2.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   _tinysshd-test-kex1.o ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   _tinysshd-test-kex2.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === finishing
=== Wed Oct 19 01:34:10 UTC 2016 === starting tinyssh-tests
=== Wed Oct 19 01:34:10 UTC 2016 ===   blockingtest ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   buftest ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   bytetest ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   channel_forktest ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   channeltest ok
=== Wed Oct 19 01:34:10 UTC 2016 ===   channel_subsystemtest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   coetest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   connectioninfotest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   dropuidgidtest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   envtest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   etest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   getlntest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   globaltest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   iptostrtest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   loadtest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   loginshelltest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   logtest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   newenvtest ok
=== Wed Oct 19 01:34:11 UTC 2016 ===   numtostrtest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   opentest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   packetparsertest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   porttostrtest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   randommodtest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   readalltest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   savesynctest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   sshcryptotest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   sshtest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   stringparsertest ok
=== Wed Oct 19 01:34:12 UTC 2016 ===   strtest ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   subprocess_authtest ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   subprocess_signtest ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   trymlocktest ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   writealltest ok
=== Wed Oct 19 01:34:13 UTC 2016 === finishing
=== Wed Oct 19 01:34:13 UTC 2016 === starting _tinyssh
=== Wed Oct 19 01:34:13 UTC 2016 ===   _tinysshd-printkex ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   _tinysshd-unauthenticated ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   _tinysshd-install ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   _tinysshd-test-hello1 ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   _tinysshd-test-hello2 ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   _tinysshd-test-kex1 ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   _tinysshd-test-kex2 ok
=== Wed Oct 19 01:34:13 UTC 2016 === finishing
=== Wed Oct 19 01:34:13 UTC 2016 === starting tinyssh
=== Wed Oct 19 01:34:13 UTC 2016 ===   tinysshd-makekey ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   tinysshd-printkey ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   tinysshd ok
=== Wed Oct 19 01:34:13 UTC 2016 === finishing
=== Wed Oct 19 01:34:13 UTC 2016 === starting tinyssh regression tests
=== Wed Oct 19 01:34:13 UTC 2016 ===   tinysshd-makekey ok
=== Wed Oct 19 01:34:13 UTC 2016 ===   tinysshd-printkey ok
=== Wed Oct 19 01:34:14 UTC 2016 ===   tinysshd ok
=== Wed Oct 19 01:34:14 UTC 2016 === finishing
=== Wed Oct 19 01:34:14 UTC 2016 === starting manpages
=== Wed Oct 19 01:34:14 UTC 2016 === finishing
=== Wed Oct 19 01:34:14 UTC 2016 === counting words of code - tests
=== Wed Oct 19 01:34:14 UTC 2016 ===   tinyssh-tests 60486
=== Wed Oct 19 01:34:14 UTC 2016 ===   crypto-tests 9791
=== Wed Oct 19 01:34:14 UTC 2016 ===   _tinyssh 5473
=== Wed Oct 19 01:34:14 UTC 2016 ===   75736 words of code
=== Wed Oct 19 01:34:14 UTC 2016 === finishing
=== Wed Oct 19 01:34:14 UTC 2016 === counting words of code
=== Wed Oct 19 01:34:14 UTC 2016 ===   sysdep 1195
=== Wed Oct 19 01:34:14 UTC 2016 ===   tinyssh 40790
=== Wed Oct 19 01:34:14 UTC 2016 ===   crypto 28077
=== Wed Oct 19 01:34:14 UTC 2016 ===   70048 words of code
=== Wed Oct 19 01:34:14 UTC 2016 === finishing

And here's it failing in the identical env, but as root:

[root@c2ca8f4e10b3 upstream]# ./make-tinyssh.sh
=== Wed Oct 19 01:37:30 UTC 2016 === obtaining compiler
=== Wed Oct 19 01:37:30 UTC 2016 ===   cc -O3 -fomit-frame-pointer -funroll-loops ok
=== Wed Oct 19 01:37:30 UTC 2016 === finishing
=== Wed Oct 19 01:37:30 UTC 2016 === checking compiler options
=== Wed Oct 19 01:37:30 UTC 2016 ===   -pedantic ok
=== Wed Oct 19 01:37:30 UTC 2016 ===   -Wall ok
=== Wed Oct 19 01:37:30 UTC 2016 ===   -Wno-long-long ok
=== Wed Oct 19 01:37:30 UTC 2016 ===   -Wno-overlength-strings ok
=== Wed Oct 19 01:37:30 UTC 2016 ===   -Wno-unused-function ok
=== Wed Oct 19 01:37:30 UTC 2016 ===   -Wshadow ok
=== Wed Oct 19 01:37:30 UTC 2016 ===   -Wdeclaration-after-statement ok
=== Wed Oct 19 01:37:30 UTC 2016 ===   -Wwrite-strings ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -Wmissing-declarations ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -Wmissing-prototypes ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -Wstrict-prototypes ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -Wunused-value ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -Wunused-parameter ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -Wundef ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -fstack-protector-strong ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -fwrapv ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -fno-strict-overflow ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   cc -O3 -fomit-frame-pointer -funroll-loops -pedantic -Wall -Wno-long-long -Wno-overlength-strings -Wno-unused-function -Wshadow -Wdeclaration-after-statement -Wwrite-strings -Wmissing-declarations -Wmissing-prototypes -Wstrict-prototypes -Wunused-value -Wunused-parameter -Wundef -fstack-protector-strong -fwrapv -fno-strict-overflow
=== Wed Oct 19 01:37:31 UTC 2016 === finishing
=== Wed Oct 19 01:37:31 UTC 2016 === checking libs
=== Wed Oct 19 01:37:31 UTC 2016 ===   -lutil ok
=== Wed Oct 19 01:37:31 UTC 2016 ===   -lsocket -lnsl failed
=== Wed Oct 19 01:37:31 UTC 2016 ===   -lrt ok
=== Wed Oct 19 01:37:31 UTC 2016 === finishing
=== Wed Oct 19 01:37:31 UTC 2016 === checking $LIBS
=== Wed Oct 19 01:37:31 UTC 2016 === finishing
=== Wed Oct 19 01:37:31 UTC 2016 === building sysdep headers
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasasmvolatilememory.h hasasmvolatilememory.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasmlock.h hasmlock.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   haslibutilh.h default.h-no
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutilh.h default.h-no
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasopenpty.h hasopenpty.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   haslogintty.h haslogintty.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmpx.h hasutmpx.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmpxupdwtmpx.h hasutmpxupdwtmpx.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmpxsyslen.h default.h-no
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmp.h hasutmp.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmpname.h hasutmpname.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmpuser.h hasutmpuser.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmphost.h hasutmphost.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmptime.h hasutmptime.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 ===   hasutmptv.h hasutmptv.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 ===   hasutmppid.h hasutmppid.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 ===   hasutmptype.h hasutmptype.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 ===   hasutmplogwtmp.h hasutmplogwtmp.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 ===   hasutmploginlogout.h hasutmploginlogout.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 ===   order.h order.h-runtime-little
=== Wed Oct 19 01:37:32 UTC 2016 === finishing
=== Wed Oct 19 01:37:32 UTC 2016 === starting crypto lib
=== Wed Oct 19 01:37:34 UTC 2016 ===   libtinynacl.a ok
=== Wed Oct 19 01:37:34 UTC 2016 === finishing
=== Wed Oct 19 01:37:34 UTC 2016 === starting crypto headers
=== Wed Oct 19 01:37:34 UTC 2016 ===   crypto_stream_chacha20.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 ===   crypto_onetimeauth_poly1305.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 ===   crypto_auth_hmacsha256.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 ===   crypto_hash_sha512.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 ===   crypto_hash_sha256.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 ===   crypto_verify_16.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 ===   crypto_verify_32.h (tinynacl\n) ok
=== Wed Oct 19 01:37:36 UTC 2016 ===   crypto_core_aes256encrypt.h (tinynacl\n) ok
=== Wed Oct 19 01:37:37 UTC 2016 ===   crypto_scalarmult_curve25519.h (tinynacl\n) ok
=== Wed Oct 19 01:37:38 UTC 2016 ===   crypto_scalarmult_nistp256.h (tinynacl\n) ok
=== Wed Oct 19 01:37:39 UTC 2016 ===   crypto_sign_ed25519.h (tinynacl\n) ok
=== Wed Oct 19 01:37:41 UTC 2016 ===   crypto_sign_nistp256ecdsa.h (tinynacl\n) ok
=== Wed Oct 19 01:37:41 UTC 2016 === finishing
=== Wed Oct 19 01:37:41 UTC 2016 === starting tinyssh objects
=== Wed Oct 19 01:37:41 UTC 2016 ===   blocking.o ok
=== Wed Oct 19 01:37:41 UTC 2016 ===   buf.o ok
=== Wed Oct 19 01:37:41 UTC 2016 ===   byte.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   channel.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   channel_drop.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   channel_fork.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   channel_forkpty.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   channel_subsystem.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   coe.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   connectioninfo.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   die.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   dropuidgid.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   e.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   env.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   getln.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   global.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   iptostr.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   load.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   log.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   loginshell.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   logsys.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   newenv.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   numtostr.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   open.o ok
=== Wed Oct 19 01:37:42 UTC 2016 ===   packet.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_auth.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_channel_open.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_channel_recv.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_channel_request.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_channel_send.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_get.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_hello.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_kex.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_kexdh.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packetparser.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_put.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_recv.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_send.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   packet_unimplemented.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   porttostr.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   randommod.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   readall.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   savesync.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   ssh.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   sshcrypto.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   sshcrypto_cipher.o ok
=== Wed Oct 19 01:37:43 UTC 2016 ===   sshcrypto_cipher_aesctr.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   sshcrypto_cipher_aesctr256.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   sshcrypto_cipher_chachapoly.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   sshcrypto_kex.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   sshcrypto_kex_curve25519.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   sshcrypto_kex_nistp256.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   sshcrypto_key.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   sshcrypto_key_ed25519.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   sshcrypto_key_nistp256ecdsa.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   str.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   stringparser.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   subprocess_auth.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   subprocess_sign.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   tinysshd.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   tinysshd-makekey.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   tinysshd-printkey.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   trymlock.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   writeall.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   tinysshd-makekey.o ok
=== Wed Oct 19 01:37:44 UTC 2016 ===   tinysshd-printkey.o ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   tinysshd.o ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   _tinysshd-printkex.o ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   _tinysshd-unauthenticated.o ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   _tinysshd-install.o ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   _tinysshd-test-hello1.o ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   _tinysshd-test-hello2.o ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   _tinysshd-test-kex1.o ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   _tinysshd-test-kex2.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === finishing
=== Wed Oct 19 01:37:45 UTC 2016 === starting tinyssh-tests
=== Wed Oct 19 01:37:45 UTC 2016 ===   blockingtest ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   buftest ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   bytetest ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   channel_forktest ok
=== Wed Oct 19 01:37:45 UTC 2016 ===   channeltest ok
=== Wed Oct 19 01:37:46 UTC 2016 ===   channel_subsystemtest ok
=== Wed Oct 19 01:37:46 UTC 2016 ===   coetest ok
=== Wed Oct 19 01:37:46 UTC 2016 ===   connectioninfotest ok
=== Wed Oct 19 01:37:46 UTC 2016 ===   dropuidgidtest failed ... see the log /opt/build/upstream/build/log

The additional context from the log:

dropuidgidtest.c:43: process exited with status != 0

I adjusted the make-tinyssh.sh script to halt after failing that test, letting me do some stracing of that binary.

The full strace output is here: https://gist.github.com/akerl/9454f8164fa92e2ca216802eee7d7a78

But it looks like the primary issue is that calling setgroups with [123000] returns EINVAL.

I'm a bit confused as to the purpose of this test, since it behaves differently if the user running the test is root vs nonroot. This also led to me checking the code, which appears to fail to support dropping group ID if you don't drop user ID (on https://github.com/janmojzis/tinyssh/blob/master/tinyssh/dropuidgid.c#L21 , the user and group are only changed if the UID needs to be changed, so for example, calling dropuidgid(0, 100) as (0, 0) will return success despite making no change.

FEATURE REQUEST: Display fingerprint on key creation

It would be nice if a key fingerprint was displayed at host key creation. Ass it stands now, there is no way to perform the initial fingerprint verification when you connect.

Signed arithmetic overflow in function numtostr

This very minor bug report is about a signed overflow in numtostr. When n is LLONG_MIN on a 2's complement machine, -n overflows:

tinyssh/tinyssh/numtostr.c

Line 24 in 853505f

n = -n;

This is of no practical consequence, except that it triggers warnings in tools used to detect undefined behavior, and these tools are useful to detect the UBs that have more immediate consequences—and are most useful when one doesn't need to investigate reports of currently harmless UB. Also there is no telling what C compilers will be able to do ten years from now in presence of this overflow.

The function has the following structure:

    char *numtostr(char *strbuf, long long n) {
      ...
      unsigned long long nn;
      int flagsign = 0;
      ...
      if (n < 0) {
        n = -n;          // <--- signed overflow
        flagsign = 1;
      }
      nn = n;
      ...                // <--- nn is modified here
      nn = n;

The shortest but perhaps puzzling fix would be to compute - in the unsigned long long type, converting back to long long when storing the result in n:

      if (n < 0) {
        n = -(unsigned long long)n;
        flagsign = 1;
      }

Now there are overflows when converting n to unsigned long long and the result of -(unsigned long long)n back to long long but these are respectively defined and implementation-defined.

A perhaps more readable fix would be to save the absolute value of n, since it is used twice, in an unsigned long long variable.

How to build a smaller tinysshd?

My objective is to build a tinysshd (static build, with musl libc) as small as possible. Performance is not an issue. The ssh client would be a recent ssh from OpenSSH.

Is it possible to easily build tinysshd with only ed25519 / chacha-poly1305 crypto? (ie. no nistp256ecdsa, no aes)
I have seen an old HackerNews post mentioning TweetNacl ( https://news.ycombinator.com/item?id=7727738 ) -- Is it still possible to build tinysshd with tweetnacl?

Thanks for Tinysshd!

Phil

Does not link properly to libsodium

When attempting to build with libsodium (as a drop-in libnacl replacement) as suggested in FAQ it does not actually links to libsodium:

export LIBS="-lsodium"
export CFLAGS="-I/usr/include/sodium"
...
=== Mon Aug 22 13:34:51 UTC 2022 === starting crypto headers
=== Mon Aug 22 13:34:51 UTC 2022 ===   crypto_stream_chacha20.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 ===   crypto_onetimeauth_poly1305.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 ===   crypto_hash_sha512.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 ===   crypto_hash_sha256.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 ===   crypto_verify_16.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 ===   crypto_verify_32.h (tinyssh\n) ok
=== Mon Aug 22 13:34:53 UTC 2022 ===   crypto_scalarmult_curve25519.h (tinyssh\n) ok
=== Mon Aug 22 13:34:54 UTC 2022 ===   crypto_sign_ed25519.h (tinyssh\n) ok
=== Mon Aug 22 13:34:54 UTC 2022 ===   crypto_sort_uint32.h (tinyssh\n) ok
=== Mon Aug 22 13:34:56 UTC 2022 ===   crypto_kem_sntrup761.h (tinyssh\n) ok
=== Mon Aug 22 13:34:58 UTC 2022 ===   crypto_kem_sntrup761x25519.h (tinyssh\n) ok
=== Mon Aug 22 13:34:58 UTC 2022 === finishing

(Also note \n in tinyssh\n).

It seems because of errors like this:

=== Mon Aug 22 13:34:51 UTC 2022 === trying: ext. crypto_stream_chacha20:
In file included from crypto_stream_chacha20test.c:8:
misc.h:9:10: fatal error: crypto_uint8.h: No such file or directory
    9 | #include "crypto_uint8.h"
      |          ^~~~~~~~~~~~~~~~
compilation terminated.

Except for the symbol crypto_verify_16 which is alone linked to libsodium.

Adding -I${PWD}/crypto to CFLAGS fixes the problem:

export LIBS="-lsodium"
export CFLAGS="-I/usr/include/sodium -I${PWD}/crypto"
...
=== Mon Aug 22 13:41:33 UTC 2022 === starting crypto headers
=== Mon Aug 22 13:41:33 UTC 2022 ===   crypto_stream_chacha20.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 ===   crypto_onetimeauth_poly1305.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 ===   crypto_hash_sha512.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 ===   crypto_hash_sha256.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 ===   crypto_verify_16.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 ===   crypto_verify_32.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 ===   crypto_scalarmult_curve25519.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 ===   crypto_sign_ed25519.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 ===   crypto_sort_uint32.h (tinyssh\n) ok
=== Mon Aug 22 13:41:36 UTC 2022 ===   crypto_kem_sntrup761.h (tinyssh\n) ok
=== Mon Aug 22 13:41:38 UTC 2022 ===   crypto_kem_sntrup761x25519.h (tinyssh\n) ok
=== Mon Aug 22 13:41:38 UTC 2022 === finishing

Commiters

Could you set your git name and your git email to your registered email here on GitHub?

https://github.com/janmojzis/tinyssh/graphs/contributors

Build Error: tinysshd regression test failed

When I follow the Steps in https://tinyssh.org/install.html, I'll get the Error "tinysshd regression test failed" running make:
make.log.txt

Running "diff tinysshd.out tinysshd.exp" says:

480c480
< unable to send kex-message (broken pipe)
 ---
> unable to receive kex-message (connection reset)

SCP does not work in latest version

After upgrade to latest version 20220222-1 (Arch) SCP does not work anymore, SSH works all right.

Client: client_loop: send disconnect: Broken pipe, lost connection
Server's log: tinysshd[929]: tinysshd: JLiyKgwc: BUG: (protocol error){sshcrypto_cipher_chachapoly.c:88}

Help needed to reach stable and ready-for-use-in-production-environment states?

On Windows

Is it possible to compile tinyssh on Windows? For example on Cygwin?

Add conversion of private keys openssh

Hello,

I think it could be very useful to add directly in this project the possibility of converting openssh keys to tinyssh format with a different binary file (tinyssh-convert) so you do not have a big binary (tinyssh).

I know that there is already an unofficial and functional project here : https://github.com/ansemjo/tinyssh-convert but no distribution includes it.

For information : domain dead at the bottom of page https://tinyssh.org/faq.html : https://git.semjonov.de/ansemjo/tinyssh-convert

Tests should be optional

Hi,

I'd like to make a package of tinyssh in Gentoo, but currently it's required a lot of patching to build system.

Tests should be optional - otherwise it'll break cross compilation. Also portage runs under unprivileged user, so one test will always fail. Also because of that it's now impossible to crosscompile tinyssh.

Problems during runtime on Cygwin

Hi,

First of all, let me say I appreciate the work that's been put into this unique project; it's quite rare to see such a good, minimalist SSH server.

I'm trying to make use of TinySSH on Windows using Cygwin (using 3.0.7 which is the latest as of today) and despite managing to compile it successfully (no obvious error messages, process completes fully), I'm having some problems in what seems to be the "packet_hello.c" function:

I've modified the function a bit (the one with the tick doesn't produce an error while the one with a cross does) to produce some more debug output:

This is the output during runtime, which seems garbled:

Everything seems good from the client side, as shown by these OpenSSH and PuTTY logs:

I've not got any good leads to investigate but I believe this could either be a problem caused by Cygwin or perhaps a problem caused by the difference between Linux and Windows line terminators (not sure if the code takes this into account) ?

Many thanks for any assistance !

aarch64 build

Hi guys. I'm trying to build tinyssh from source (apt source tinysshd) in Ubuntu 20.04.2 (amd64) using crosscompiler
CC=aarch64-linux-gnu-gcc make for ARMv8

before make I did sudo apt-get build-dep tinyssh, but It did not help much.

Build fails on libtinynacl.a failed ... see the log /home/user/tinyssh-20190101/build/log
First it wanted libutil.h, so I installed sudo apt install libutil-freebsd-dev
But it wants a lot of other includes...

Are there any build images? How could I find nessesary libs and headers for build?

In file included from haslibutilh.h-yes.c:2:
/usr/include/libutil.h:43:10: fatal error: sys/_types.h: No such file or directory
43 | #include <sys/_types.h>
| ^~~~~~~~~~~~~~
compilation terminated.
hasutilh.h-yes.c:2:10: fatal error: util.h: No such file or directory
2 | #include <util.h>
| ^~~~~~~~
compilation terminated.
hasutmpxupdwtmpx.h-yes.c: In function 'foo':
hasutmpxupdwtmpx.h-yes.c:6:5: warning: implicit declaration of function 'updwtmpx' [-Wimplicit-function-declaration]
6 | updwtmpx("/nonexistent", &ut);
| ^~~~~~~~
hasutmpxsyslen.h-yes.c: In function 'main':
hasutmpxsyslen.h-yes.c:7:14: error: 'struct utmpx' has no member named 'ut_syslen'
7 | return ut.ut_syslen;
| ^
hasutmpxsyslen.h-yes.c:6:18: warning: variable 'ut' set but not used [-Wunused-but-set-variable]
6 | struct utmpx ut = {0};
| ^~
hasutmp.h-yes.c: In function 'main':
hasutmp.h-yes.c:8:17: warning: unused variable 'ut' [-Wunused-variable]
8 | struct utmp ut = {0};
| ^~
hasutmptype.h-yes.c: In function 'main':
hasutmptype.h-yes.c:8:17: warning: variable 'ut' set but not used [-Wunused-but-set-variable]
8 | struct utmp ut;
| ^~
=== Wed May 26 16:08:35 2021 === finishing
=== Wed May 26 16:08:35 2021 === starting crypto lib
cleanup.c:2:10: fatal error: hasasmvolatilememory.h: No such file or directory
2 | #include "hasasmvolatilememory.h"
| ^~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
=== Wed May 26 16:08:36 2021 === libtinynacl.a failed ... see the log /home/user/tinyssh-20190101/build/log

ed25519-sk support?

Not sure if this are already been ruled out because it might need a dep on libfido2 but if not... fido2 resident keys are pretty neato

Generate a key that lives on the actual fido2 device with:

ssh-keygen -t ed25519-sk -O resident

And then when working on a new computer you can load the keys into the current session with just:

ssh-add -K

sntrup761

It appears that [email protected] was removed from OpenSSH, and replaced with [email protected], at the behest of Daniel J. Bernstein.

"Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761."

Can this key exchange be implemented in tinyssh?

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kexsntrup761x25519.c

improve documentation ; provide howto

I discovered Tinyssh in alpine using apk search ssh. I wanted to install a ssh server in a container.

I really value small software when dealing with security (less code, less bug, less vulnerabilities).

But I did not manage to use it due to lack of documentation.

There seem to be options, but not documented.

When I launch the exe, it ends up with a timeout whereas I was expecting a daemon.

The home page says 'which implements only a subset of SSHv2 features' but they are not listed. Basically I was wondering if it supports port forwarding.

I'm sure this tool deserve a proper readme.

In the meantime, I'll try to setup opensshd without exposing my system too much.

Inconsistent behavior of getln() on error

The getln() function behaves inconsistently w.r.t. closing the file descriptor on error - sometimes it does that, sometimes it doesn't. As the result, if getln() returns an error, the caller has no idea whether the file descriptor has been closed or not.

In general, closing the file descriptor is quite surprising behavior for such a function. If it is desirable for whatever reason, it would be nice to mention it in the comment describing the function.

Not building on OpenWrt

openwrt/packages#7919

This is the build log: https://gist.github.com/neheb/0c11d413757bcb5957e39561e6803039

It seems the proper include directory is not there.

I have no real time to work on this, thus posting it here.

"No" for Putty?

I think putty 0.65 and tinyssh has no common algorithm.
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Question: Post Quantum Crypto

Am I correct in assuming that this implementation of post quantum crypto only affects the key exchange?
https://github.com/janmojzis/tinyssh/blob/master/PROTOCOL.sntrup4591761x25519-sha512

If so, wouldn't this be only an experiment without adding security since the authentication of the server is still done using rsa (or other non post quanten algorithms)?

Meaning if someone has a quantum computer with the nessessary sice to break e.g. rsa 3072 that someone could circumvent the current use of post quanten crypto key exchange by a man in the middle attack and forging the then broken rsa Key of the server.

Is this assumtion correct?
If so what is the use case of the current implementation?

Add option to disable root logins

I have tinysshd running without any problems in Alpine Linux & will be introducing a tinysshd package to Alpine shortly.

Can a switch be added to disable root logins please ?

cleanup macro is removed by optimizing compilers

This report is for an instance of CWE-14 “Compiler Removal of Code to Clear Buffers” https://cwe.mitre.org/data/definitions/14.html

A cleanup macro is defined here and is used in several places to clear local variables of secrets: https://github.com/janmojzis/tinyssh/blob/97dd9e05f52482e46d660af81547c7c02669c1a2/crypto/cleanup.h

For instance on my computer, gcc invokes clang:

~/tinyssh $ gcc -v
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin13.4.0

And the result of the compilation of the function crypto_scalarmult_nistp256_tinynacl, that invokes the cleanup macro, is:

~/tinyssh $ otool -tV build/lib/libtinynacl.a | grep -A50 crypto_scalarmult_nistp256_tinynacl
_crypto_scalarmult_nistp256_tinynacl:
0000000000000000    pushq   %r15
0000000000000002    pushq   %r14
0000000000000004    pushq   %r12
0000000000000006    pushq   %rbx
0000000000000007    subq    $0xc8, %rsp
000000000000000e    movq    %rsi, %r14
0000000000000011    movq    %rdi, %rbx
0000000000000014    movq    ___stack_chk_guard(%rip), %r12
000000000000001b    movq    _crypto_scalarmult_nistp256_tinynacl(%r12), %rax
000000000000001f    movq    %rax, 0xc0(%rsp)
0000000000000027    leaq    0x60(%rsp), %rdi
000000000000002c    movq    %rdx, %rsi
000000000000002f    callq   _gep256_frombytes
0000000000000034    testl   %eax, %eax
0000000000000036    jne 0x5f
0000000000000038    leaq    _crypto_scalarmult_nistp256_tinynacl(%rsp), %r15
000000000000003c    leaq    0x60(%rsp), %rsi
0000000000000041    movq    %r15, %rdi
0000000000000044    movq    %r14, %rdx
0000000000000047    callq   _gep256_scalarmult
000000000000004c    movq    %rbx, %rdi
000000000000004f    movq    %r15, %rsi
0000000000000052    callq   _gep256_tobytes
0000000000000057    movl    %eax, %ecx
0000000000000059    xorl    %eax, %eax
000000000000005b    testl   %ecx, %ecx
000000000000005d    je  0xa3
000000000000005f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x38(%rbx)
0000000000000067    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x30(%rbx)
000000000000006f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x28(%rbx)
0000000000000077    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x20(%rbx)
000000000000007f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x18(%rbx)
0000000000000087    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x10(%rbx)
000000000000008f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x8(%rbx)
0000000000000097    movq    $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rbx)
000000000000009e    movl    $0xffffffff, %eax       ## imm = 0xFFFFFFFF
00000000000000a3    movq    _crypto_scalarmult_nistp256_tinynacl(%r12), %rcx
00000000000000a7    cmpq    0xc0(%rsp), %rcx
00000000000000af    jne 0xc0
00000000000000b1    addq    $0xc8, %rsp
00000000000000b8    popq    %rbx
00000000000000b9    popq    %r12
00000000000000bb    popq    %r14
00000000000000bd    popq    %r15
00000000000000bf    ret
00000000000000c0    callq   ___stack_chk_fail
00000000000000c5    nopw    %cs:_crypto_scalarmult_nistp256_tinynacl(%rax,%rax)
_crypto_scalarmult_nistp256_tinynacl_base:
…

The above is the translation of the source code below, from crypto/crypto_scalarmult_nistp256.c:

int crypto_scalarmult_nistp256_tinynacl(unsigned char *q, const unsigned char *n, const unsigned char *p) {

    gep256 P, Q;
    long long i;
    int ret = -1;

    if (gep256_frombytes(P, p) != 0) goto fail;
    gep256_scalarmult(Q, P, n);
    if (gep256_tobytes(q, Q) != 0) goto fail;
    ret = 0;
    goto cleanup;

fail:
    for (i = 0; i < 64; ++i) q[i] = 0;

cleanup:
    cleanup(P); cleanup(Q);
    return ret;
}

The for (i = 0; i < 64; ++i) q[i] = 0; was translated to the series of 8 movq instructions. The code that follows is the canary check. The code cleanup(P); cleanup(Q); was translated to nothing.

The real GCC, or any modern optimizing C compiler, will do the same and translate the invocations of cleanup() on all local variables at the end of their scopes to nothing.

There exists no perfect solution for this problem. The C11 standard introduced memset_s but it is the still the wrong idiom http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html and GCC can still translate that to nothing: http://goo.gl/LDfPHG (gcc.godbolt.org link by Samuel Neves). Also not everyone is using a C11 compiler yet.

I found that if I simply convert the array passed as argument to the cleanup() macro to a volatile pointer, my compiler does generate the code to clean up the local arrays:

~/tinyssh $ git diff
diff --git a/crypto/cleanup.h b/crypto/cleanup.h
index 0566c59..efb95d3 100644
--- a/crypto/cleanup.h
+++ b/crypto/cleanup.h
@@ -1,6 +1,6 @@
 #ifndef _CLEANUP_H____
 #define _CLEANUP_H____

-#define cleanup(x) for (i = 0; i < sizeof(x); ++i) ((char *)x)[i] = 0;
+#define cleanup(x) for (i = 0; i < sizeof(x); ++i) ((volatile char *)x)[i] = 0;

 #endif
~/tinyssh $ otool -tV build/lib/libtinynacl.a | grep -A50 crypto_scalarmult_nistp256_tinynacl
_crypto_scalarmult_nistp256_tinynacl:
0000000000000000    pushq   %r15
0000000000000002    pushq   %r14
0000000000000004    pushq   %r12
0000000000000006    pushq   %rbx
0000000000000007    subq    $0xc8, %rsp
000000000000000e    movq    %rsi, %r14
0000000000000011    movq    %rdi, %rbx
0000000000000014    movq    ___stack_chk_guard(%rip), %r12
000000000000001b    movq    _crypto_scalarmult_nistp256_tinynacl(%r12), %rax
000000000000001f    movq    %rax, 0xc0(%rsp)
0000000000000027    leaq    0x60(%rsp), %rdi
000000000000002c    movq    %rdx, %rsi
000000000000002f    callq   _gep256_frombytes
0000000000000034    testl   %eax, %eax
0000000000000036    jne 0x5f
0000000000000038    leaq    _crypto_scalarmult_nistp256_tinynacl(%rsp), %r15
000000000000003c    leaq    0x60(%rsp), %rsi
0000000000000041    movq    %r15, %rdi
0000000000000044    movq    %r14, %rdx
0000000000000047    callq   _gep256_scalarmult
000000000000004c    movq    %rbx, %rdi
000000000000004f    movq    %r15, %rsi
0000000000000052    callq   _gep256_tobytes
0000000000000057    movl    %eax, %ecx
0000000000000059    xorl    %eax, %eax
000000000000005b    testl   %ecx, %ecx
000000000000005d    je  0xa3
000000000000005f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x38(%rbx)
0000000000000067    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x30(%rbx)
000000000000006f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x28(%rbx)
0000000000000077    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x20(%rbx)
000000000000007f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x18(%rbx)
0000000000000087    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x10(%rbx)
000000000000008f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x8(%rbx)
0000000000000097    movq    $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rbx)
000000000000009e    movl    $0xffffffff, %eax       ## imm = 0xFFFFFFFF
00000000000000a3    xorl    %ecx, %ecx
00000000000000a5    xorl    %edx, %edx
00000000000000a7    nopw    _crypto_scalarmult_nistp256_tinynacl(%rax,%rax)
00000000000000b0    movb    $_crypto_scalarmult_nistp256_tinynacl, 0x60(%rsp,%rdx)
00000000000000b5    incq    %rdx
00000000000000b8    cmpq    $0x60, %rdx
00000000000000bc    jne 0xb0
00000000000000be    nop
00000000000000c0    movb    $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rsp,%rcx)
00000000000000c4    incq    %rcx
00000000000000c7    cmpq    $0x60, %rcx
00000000000000cb    jne 0xc0
00000000000000cd    movq    _crypto_scalarmult_nistp256_tinynacl(%r12), %rcx
00000000000000d1    cmpq    0xc0(%rsp), %rcx
00000000000000d9    jne 0xea
00000000000000db    addq    $0xc8, %rsp
00000000000000e2    popq    %rbx
00000000000000e3    popq    %r12
00000000000000e5    popq    %r14
00000000000000e7    popq    %r15
00000000000000e9    ret
00000000000000ea    callq   ___stack_chk_fail
00000000000000ef    nop
_crypto_scalarmult_nistp256_tinynacl_base:
…

Using the volatile qualifier this way is not perfect either, but it at least tricks some current compilers into doing the right thing, which is somewhat better than the reliable elimination of dead stores that happens without it.

Feature-parity with SSH commands via symlinks

I think TinySSHD would have a lot of reception if we can have feature parity command-wise with OpenSSH/Dropbear.

commands like ssh, ssh-keygen, sshd, etc. can be symlinked and recognized in the tinyssh-specific command. Just a little thought since you can't really drop-in replace using TinySSH since it'll break with applications like Ansible.

tinyssh-initramfs scripts for debian users

Hi,

I looked for an equivalent to mkinitcpio-tinyssh for debian and could not find it anywhere.
I made a quick one using initramfs-tools based on the already existing dropbear hooks and the Arch one.

Sharing it here for future users, feel free to include it in your repo if you wish.

https://git.sp4ke.com/sp4ke/tinyssh-initramfs

Feature Request: Add multiplexing functionality

It would be great to get multiplexing functionality in Tinyssh in order to reuse existing SSH connections for complex operations. We use this feature often in the context of rsync (ControlMaster option in SSH).

buffer over-read in ed25519_parsesignpk

The function byte_isequal is a constant-time comparison function that always reads all the bytes to compare.

In function ed25519_parsesignpk, the function byte_isequal is used to compare a string of an arbitrary length (chosen by the interlocutor) to the string literal "ssh-ed25519":

tinyssh/tinyssh/sshcrypto_key_ed25519.c

Line 51 in f5c4179

if (!byte_isequal(x + pos - len, len, "ssh-ed25519")) return 0;

It seems that a malicious interlocutor can send long strings to be passed to ed25519_parsesignpk in order to cause memory beyond "ssh-ed25519" to be read, with a crash as the consequence.

It is also possible that a malicious interlocutor might obtain all the contents of memory between the place where the string literal "ssh-ed25519" is stored and the first invalid page, one byte at a time, by sending successive strings that start with “ssh-ed25519”.

This issue was identified by @Karmaki and @miod.

Bound checking signed buffer lengths

Some of the bounds checks look a little strange. For example the following checks will pass if b->len + len or pos + outlen overflow (long long), violating the buffer bounds defined by b->alloc or len respectively:

https://github.com/janmojzis/tinyssh/blob/master/tinyssh/buf.c#L65
https://github.com/janmojzis/tinyssh/blob/master/tinyssh/packetparser.c#L51

Since signed overflow is undefined, compiling at -O3 without -fwrapv may optimize away a naive test for a+b<0 since both values are checked to be positive by the previous line. (I haven't gotten that to happen on my machine, though.)

The overall codebase is minimal and simple, so these conditions may be unreachable. Still, why not use size_t instead of long long?

Secondary groups not working

We use tinyssh in combination with AlpineLinux.

When log in with tinyssh the user has only the permissions from his primary group, but not from the secondary groups.

The secondary groups are also not shown with the commands 'id' or 'groups'

N/A

Nice mixture of wrong, inconsistent and non-relevant information

Hello! I hope i didn't wake anyone. No? Good.

Source: https://tinyssh.org/

Wrong | "Postquantum crypto: (...) chacha20-poly1305"; It is certainly nott part of the PQ algorithm family but an AEAD. It is out of scope of PQ research. See relevant sources. Post-quantum cryptographic primitive [email protected] and AEAD [email protected] were introduced in OpenSSH respectively in v. 8.5, now as default in v. 9.0, and v. 6.5, promoted as default cipher in v. 6.9. Worht noting: OpenSSL and OpenSSH differ each other in regard to software policies. OpenSSL, unlike OpenSSH, solely incorporates to its project algorithm implementations which have been standardised by a recognised national or internal standards entity. At this time there is no such standard for NTRU. NIST recently decided not to standardise NTRU. That's instead CRYSTALS-Kyber that was selected for standardisation. I guess that allows this project developer to state So TinySSH is in good company here!

Source: https://tinyssh.org/faq.html

inconsistent | "TinySSH has less than100000 words of code". It appears to be less than 50000. Take a look at the dust on that page; indeed, no surprise; that's year 2014 in command output! that one i liked. So since you like playing with numbers, let's state here 200000. That gives the project time to let an even thicker layer of dust growing. That's an achievement like another.

non-relevant | "TinySSH is promising ‘no older cryptographic primitives’, but md5 is available in crypto library. What does it mean? (...) since version 20150201 tinysshd-printkey is not using MD5, MD5 removed.". You are a fast-learner aren't you? So take a look at the dust here; that's year 2015. What is your point here? An exhibition of good-old-time memories to amuse us, readers?.

That much for today. All but serious matter.