janmojzis / tinyssh
TinySSH is small server (less than 100000 words of code)
License: Creative Commons Zero v1.0 Universal
Please set http://tinyssh.org/ as repo URL.
There is an Edit link beside: TinySSH is small server (less than 100000 words of code)
The getln() function behaves inconsistently w.r.t. closing the file descriptor on error - sometimes it does that, sometimes it doesn't. As a result, if getln() returns an error, the caller has no idea whether the file descriptor has been closed or not.
In general, closing the file descriptor is quite surprising behavior for such a function. If it is desirable for whatever reason, it would be nice to mention it in the comment describing the function.
This report is for an instance of CWE-14 “Compiler Removal of Code to Clear Buffers” https://cwe.mitre.org/data/definitions/14.html
A cleanup macro is defined here and is used in several places to clear local variables of secrets: https://github.com/janmojzis/tinyssh/blob/97dd9e05f52482e46d660af81547c7c02669c1a2/crypto/cleanup.h
For instance on my computer, gcc invokes clang:
~/tinyssh $ gcc -v
Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin13.4.0
And the result of the compilation of the function crypto_scalarmult_nistp256_tinynacl, that invokes the cleanup macro, is:
~/tinyssh $ otool -tV build/lib/libtinynacl.a | grep -A50 crypto_scalarmult_nistp256_tinynacl
_crypto_scalarmult_nistp256_tinynacl:
0000000000000000 pushq %r15
0000000000000002 pushq %r14
0000000000000004 pushq %r12
0000000000000006 pushq %rbx
0000000000000007 subq $0xc8, %rsp
000000000000000e movq %rsi, %r14
0000000000000011 movq %rdi, %rbx
0000000000000014 movq ___stack_chk_guard(%rip), %r12
000000000000001b movq _crypto_scalarmult_nistp256_tinynacl(%r12), %rax
000000000000001f movq %rax, 0xc0(%rsp)
0000000000000027 leaq 0x60(%rsp), %rdi
000000000000002c movq %rdx, %rsi
000000000000002f callq _gep256_frombytes
0000000000000034 testl %eax, %eax
0000000000000036 jne 0x5f
0000000000000038 leaq _crypto_scalarmult_nistp256_tinynacl(%rsp), %r15
000000000000003c leaq 0x60(%rsp), %rsi
0000000000000041 movq %r15, %rdi
0000000000000044 movq %r14, %rdx
0000000000000047 callq _gep256_scalarmult
000000000000004c movq %rbx, %rdi
000000000000004f movq %r15, %rsi
0000000000000052 callq _gep256_tobytes
0000000000000057 movl %eax, %ecx
0000000000000059 xorl %eax, %eax
000000000000005b testl %ecx, %ecx
000000000000005d je 0xa3
000000000000005f movq $_crypto_scalarmult_nistp256_tinynacl, 0x38(%rbx)
0000000000000067 movq $_crypto_scalarmult_nistp256_tinynacl, 0x30(%rbx)
000000000000006f movq $_crypto_scalarmult_nistp256_tinynacl, 0x28(%rbx)
0000000000000077 movq $_crypto_scalarmult_nistp256_tinynacl, 0x20(%rbx)
000000000000007f movq $_crypto_scalarmult_nistp256_tinynacl, 0x18(%rbx)
0000000000000087 movq $_crypto_scalarmult_nistp256_tinynacl, 0x10(%rbx)
000000000000008f movq $_crypto_scalarmult_nistp256_tinynacl, 0x8(%rbx)
0000000000000097 movq $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rbx)
000000000000009e movl $0xffffffff, %eax ## imm = 0xFFFFFFFF
00000000000000a3 movq _crypto_scalarmult_nistp256_tinynacl(%r12), %rcx
00000000000000a7 cmpq 0xc0(%rsp), %rcx
00000000000000af jne 0xc0
00000000000000b1 addq $0xc8, %rsp
00000000000000b8 popq %rbx
00000000000000b9 popq %r12
00000000000000bb popq %r14
00000000000000bd popq %r15
00000000000000bf ret
00000000000000c0 callq ___stack_chk_fail
00000000000000c5 nopw %cs:_crypto_scalarmult_nistp256_tinynacl(%rax,%rax)
_crypto_scalarmult_nistp256_tinynacl_base:
…
The above is the translation of the source code below, from crypto/crypto_scalarmult_nistp256.c:
int crypto_scalarmult_nistp256_tinynacl(unsigned char *q, const unsigned char *n, const unsigned char *p) {
    gep256 P, Q;
    long long i;
    int ret = -1;
    if (gep256_frombytes(P, p) != 0) goto fail;
    gep256_scalarmult(Q, P, n);
    if (gep256_tobytes(q, Q) != 0) goto fail;
    ret = 0;
    goto cleanup;
fail:
    for (i = 0; i < 64; ++i) q[i] = 0;
cleanup:
    cleanup(P); cleanup(Q);
    return ret;
}
The for (i = 0; i < 64; ++i) q[i] = 0; was translated to the series of 8 movq instructions. The code that follows is the canary check. The code cleanup(P); cleanup(Q); was translated to nothing.
The real GCC, or any modern optimizing C compiler, will do the same and translate the invocations of cleanup() on all local variables at the end of their scopes to nothing.
There exists no perfect solution for this problem. The C11 standard introduced memset_s but it is still the wrong idiom http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html and GCC can still translate that to nothing: http://goo.gl/LDfPHG (gcc.godbolt.org link by Samuel Neves). Also not everyone is using a C11 compiler yet.
I found that if I simply convert the array passed as argument to the cleanup() macro to a volatile pointer, my compiler does generate the code to clean up the local arrays:
~/tinyssh $ git diff
diff --git a/crypto/cleanup.h b/crypto/cleanup.h
index 0566c59..efb95d3 100644
--- a/crypto/cleanup.h
+++ b/crypto/cleanup.h
@@ -1,6 +1,6 @@
#ifndef _CLEANUP_H____
#define _CLEANUP_H____
-#define cleanup(x) for (i = 0; i < sizeof(x); ++i) ((char *)x)[i] = 0;
+#define cleanup(x) for (i = 0; i < sizeof(x); ++i) ((volatile char *)x)[i] = 0;
#endif
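Review bot: The new cleanup(x) on the + line still relies on the caller having a variable named i in scope and on x being an array, and it casts an unparenthesized argument: in (volatile char *)x the cast binds before any operator inside x, and sizeof(x) silently becomes the pointer size if a pointer is ever passed. The comparison i < sizeof(x) also mixes the caller's type for i with size_t. Consider moving the loop into a small function that takes a pointer and a length and writes through a volatile unsigned char pointer, leaving the macro as a thin wrapper that passes (x) and sizeof(x), and wrapping the macro body in do { } while (0) so the trailing semicolon cannot detach it from an enclosing if.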
~/tinyssh $ otool -tV build/lib/libtinynacl.a | grep -A50 crypto_scalarmult_nistp256_tinynacl
_crypto_scalarmult_nistp256_tinynacl:
0000000000000000 pushq %r15
0000000000000002 pushq %r14
0000000000000004 pushq %r12
0000000000000006 pushq %rbx
0000000000000007 subq $0xc8, %rsp
000000000000000e movq %rsi, %r14
0000000000000011 movq %rdi, %rbx
0000000000000014 movq ___stack_chk_guard(%rip), %r12
000000000000001b movq _crypto_scalarmult_nistp256_tinynacl(%r12), %rax
000000000000001f movq %rax, 0xc0(%rsp)
0000000000000027 leaq 0x60(%rsp), %rdi
000000000000002c movq %rdx, %rsi
000000000000002f callq _gep256_frombytes
0000000000000034 testl %eax, %eax
0000000000000036 jne 0x5f
0000000000000038 leaq _crypto_scalarmult_nistp256_tinynacl(%rsp), %r15
000000000000003c leaq 0x60(%rsp), %rsi
0000000000000041 movq %r15, %rdi
0000000000000044 movq %r14, %rdx
0000000000000047 callq _gep256_scalarmult
000000000000004c movq %rbx, %rdi
000000000000004f movq %r15, %rsi
0000000000000052 callq _gep256_tobytes
0000000000000057 movl %eax, %ecx
0000000000000059 xorl %eax, %eax
000000000000005b testl %ecx, %ecx
000000000000005d je 0xa3
000000000000005f movq $_crypto_scalarmult_nistp256_tinynacl, 0x38(%rbx)
0000000000000067 movq $_crypto_scalarmult_nistp256_tinynacl, 0x30(%rbx)
000000000000006f movq $_crypto_scalarmult_nistp256_tinynacl, 0x28(%rbx)
0000000000000077 movq $_crypto_scalarmult_nistp256_tinynacl, 0x20(%rbx)
000000000000007f movq $_crypto_scalarmult_nistp256_tinynacl, 0x18(%rbx)
0000000000000087 movq $_crypto_scalarmult_nistp256_tinynacl, 0x10(%rbx)
000000000000008f movq $_crypto_scalarmult_nistp256_tinynacl, 0x8(%rbx)
0000000000000097 movq $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rbx)
000000000000009e movl $0xffffffff, %eax ## imm = 0xFFFFFFFF
00000000000000a3 xorl %ecx, %ecx
00000000000000a5 xorl %edx, %edx
00000000000000a7 nopw _crypto_scalarmult_nistp256_tinynacl(%rax,%rax)
00000000000000b0 movb $_crypto_scalarmult_nistp256_tinynacl, 0x60(%rsp,%rdx)
00000000000000b5 incq %rdx
00000000000000b8 cmpq $0x60, %rdx
00000000000000bc jne 0xb0
00000000000000be nop
00000000000000c0 movb $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rsp,%rcx)
00000000000000c4 incq %rcx
00000000000000c7 cmpq $0x60, %rcx
00000000000000cb jne 0xc0
00000000000000cd movq _crypto_scalarmult_nistp256_tinynacl(%r12), %rcx
00000000000000d1 cmpq 0xc0(%rsp), %rcx
00000000000000d9 jne 0xea
00000000000000db addq $0xc8, %rsp
00000000000000e2 popq %rbx
00000000000000e3 popq %r12
00000000000000e5 popq %r14
00000000000000e7 popq %r15
00000000000000e9 ret
00000000000000ea callq ___stack_chk_fail
00000000000000ef nop
_crypto_scalarmult_nistp256_tinynacl_base:
…
Using the volatile qualifier this way is not perfect either, but it at least tricks some current compilers into doing the right thing, which is somewhat better than the reliable elimination of dead stores that happens without it.
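An added example, not part of the original report and not tinyssh's own code: three common ways to write a wipe routine that resists dead-store elimination, applied to a constructed function with a secret-dependent local array like the one in the report. The names wipe_volatile, wipe_barrier, wipe_indirect, nonzero_bytes and toy_mix are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Variant 1: byte stores through a volatile-qualified pointer. Same idea as
 * the patched macro, but as a function with an explicit length, so it also
 * works when the caller only has a pointer. */
static void wipe_volatile(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Variant 2: plain memset followed by a compiler barrier. The empty asm
 * statement takes p as input and clobbers "memory", so the compiler must
 * assume the zeroed bytes are read. GCC/Clang only; others use variant 1. */
static void wipe_barrier(void *p, size_t n) {
#if defined(__GNUC__) || defined(__clang__)
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
#else
    wipe_volatile(p, n);
#endif
}

/* Variant 3: call memset through a volatile function pointer. The compiler
 * cannot assume which function the pointer holds at run time, so it cannot
 * treat the call as a removable builtin memset. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;
static void wipe_indirect(void *p, size_t n) { memset_fn(p, 0, n); }

/* Count bytes that are still non-zero. */
static size_t nonzero_bytes(const void *p, size_t n) {
    const volatile unsigned char *v = (const volatile unsigned char *)p;
    size_t count = 0, i;
    for (i = 0; i < n; ++i) count += (v[i] != 0);
    return count;
}

typedef void (*wipe_fn)(void *, size_t);

/* Constructed stand-in for a crypto routine: fills a local array with
 * key-dependent bytes, derives a result, then wipes the array before
 * returning. *left receives the number of bytes that survived the wipe.
 * Reading the array back keeps the stores live, so this checks that each
 * wipe routine is correct; whether the stores survive when nothing reads
 * the array afterwards still has to be confirmed in the disassembly. */
static unsigned int toy_mix(const unsigned char *key, size_t keylen,
                            wipe_fn wipe, size_t *left) {
    unsigned char state[64];
    unsigned int out = 0;
    size_t i;
    for (i = 0; i < sizeof state; ++i)   /* "| 1" keeps every byte non-zero */
        state[i] = (unsigned char)((key[i % keylen] ^ (i * 37u)) | 1u);
    for (i = 0; i < sizeof state; ++i) out = out * 31u + state[i];
    wipe(state, sizeof state);
    *left = nonzero_bytes(state, sizeof state);
    return out;
}

int main(void) {
    const unsigned char key[4] = {1, 2, 3, 4};   /* constructed sample key */
    wipe_fn variants[3] = {wipe_volatile, wipe_barrier, wipe_indirect};
    size_t left, i;
    for (i = 0; i < 3; ++i) {
        unsigned int r = toy_mix(key, sizeof key, variants[i], &left);
        printf("variant %u: result=%u, bytes left=%u\n",
               (unsigned)(i + 1), r, (unsigned)left);
    }
    return 0;
}
```

Compile at the optimization level used for release builds and check the disassembly of the calling function, as the report does with otool, to confirm the zeroing stores are present.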
After upgrade to latest version 20220222-1 (Arch) SCP does not work anymore, SSH works all right.
Client: client_loop: send disconnect: Broken pipe, lost connection
Server's log: tinysshd[929]: tinysshd: JLiyKgwc: BUG: (protocol error){sshcrypto_cipher_chachapoly.c:88}
We use tinyssh in combination with AlpineLinux.
When logging in with tinyssh, the user has only the permissions from his primary group, but not from the secondary groups.
The secondary groups are also not shown with the commands 'id' or 'groups'
Hi there,
Development seems completely stalled. Is there anything happening?
Regards.
Hi,
First of all, let me say I appreciate the work that's been put into this unique project; it's quite rare to see such a good, minimalist SSH server.
I'm trying to make use of TinySSH on Windows using Cygwin (using 3.0.7 which is the latest as of today) and despite managing to compile it successfully (no obvious error messages, process completes fully), I'm having some problems in what seems to be the "packet_hello.c" function:
I've modified the function a bit (the one with the tick doesn't produce an error while the one with a cross does) to produce some more debug output:
This is the output during runtime, which seems garbled:
Everything seems good from the client side, as shown by these OpenSSH and PuTTY logs:
I've not got any good leads to investigate but I believe this could either be a problem caused by Cygwin or perhaps a problem caused by the difference between Linux and Windows line terminators (not sure if the code takes this into account) ?
Many thanks for any assistance !
I discovered Tinyssh in alpine using apk search ssh. I wanted to install a ssh server in a container.
I really value small software when dealing with security (less code, less bug, less vulnerabilities).
But I did not manage to use it due to lack of documentation.
There seem to be options, but not documented.
When I launch the exe, it ends up with a timeout whereas I was expecting a daemon.
The home page says 'which implements only a subset of SSHv2 features' but they are not listed. Basically I was wondering if it supports port forwarding.
I'm sure this tool deserves a proper readme.
In the meantime, I'll try to setup opensshd without exposing my system too much.
It would be great to get multiplexing functionality in Tinyssh in order to reuse existing SSH connections for complex operations. We use this feature often in the context of rsync (ControlMaster option in SSH).
SSHv2 keepalive packets cause the connection to be reset in tinysshd.c (I was using ServerAliveInterval 60 in my ~/.ssh/config)
daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: kex selected: [email protected] {sshcrypto_kex.c:106}
daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: key selected: ssh-ed25519 {sshcrypto_key.c:122}
daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: cipher selected: [email protected] {sshcrypto_cipher.c:110}
daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: mac selected: [email protected] {sshcrypto_cipher.c:111}
daemon.info: Jul 18 20:05:10 tinysshd: M2lhPXOB: info: auth: stuart: none rejected {packet_auth.c:144}
daemon.info: Jul 18 20:05:10 tinysshd: M2lhPXOB: info: auth: stuart: ssh-rsa rejected {packet_auth.c:144}
daemon.info: Jul 18 20:05:17 tinysshd: M2lhPXOB: info: auth: stuart: ssh-ed25519 accepted {packet_auth.c:158}
daemon.info: Jul 18 20:06:25 tinysshd: M2lhPXOB: fatal: unknown message type (temporary failure){tinysshd.c:303}
daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: kex selected: [email protected] {sshcrypto_kex.c:106}
daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: key selected: ssh-ed25519 {sshcrypto_key.c:122}
daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: cipher selected: [email protected] {sshcrypto_cipher.c:110}
daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: mac selected: [email protected] {sshcrypto_cipher.c:111}
daemon.info: Jul 18 20:08:28 tinysshd: 5wbjLsha: info: auth: stuart: none rejected {packet_auth.c:144}
daemon.info: Jul 18 20:08:28 tinysshd: 5wbjLsha: info: auth: stuart: ssh-rsa rejected {packet_auth.c:144}
daemon.info: Jul 18 20:08:35 tinysshd: 5wbjLsha: info: auth: stuart: ssh-ed25519 accepted {packet_auth.c:158}
daemon.info: Jul 18 20:09:36 tinysshd: 5wbjLsha: fatal: unknown message type {tinysshd.c:303}
Sniffing the interface shows the SSHv2 packet that causes the reset:
No. Time Source Destination Protocol Length Info
126 80.903015 LAN.IP VPN.IP TCP 54 22→61681 [FIN, ACK] Seq=1572 Ack=3961 Win=45664 Len=0
Frame 126: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1572, Ack: 3961, Len: 0
No. Time Source Destination Protocol Length Info
127 80.928609 VPN.IP LAN.IP TCP 54 61681→22 [ACK] Seq=3961 Ack=1573 Win=59904 Len=0
Frame 127: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 3961, Ack: 1573, Len: 0
No. Time Source Destination Protocol Length Info
128 80.929648 VPN.IP LAN.IP SSHv2 114 Client: Encrypted packet (len=60)
Frame 128: 114 bytes on wire (912 bits), 114 bytes captured (912 bits)
Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 3961, Ack: 1573, Len: 60
SSH Protocol
No. Time Source Destination Protocol Length Info
129 80.929665 LAN.IP VPN.IP TCP 54 22→61681 [RST] Seq=1573 Win=0 Len=0
Frame 129: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1573, Len: 0
No. Time Source Destination Protocol Length Info
130 80.930936 VPN.IP LAN.IP TCP 54 61681→22 [FIN, ACK] Seq=4021 Ack=1573 Win=59904 Len=0
Frame 130: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 4021, Ack: 1573, Len: 0
No. Time Source Destination Protocol Length Info
131 80.930950 LAN.IP VPN.IP TCP 54 22→61681 [RST] Seq=1573 Win=0 Len=0
Frame 131: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1573, Len: 0
Will ssh_send_keepalive be part of /* XXX TODO - send SSH_MSG_UNIMPLEMENTED */?
The automatic log out after 1 hour is nice. I've not had any problem with my build against libsodium.
I've also been testing tinysshd with fwknop & have automatic logins through nat into LXC containers working.
I think TinySSHD would have a lot of reception if we can have feature parity command-wise with OpenSSH/Dropbear.
Commands like ssh, ssh-keygen, sshd, etc. can be symlinked and recognized in the tinyssh-specific command. Just a little thought since you can't really drop-in replace using TinySSH since it'll break with applications like Ansible.
I've noticed that my ssh sessions timeout after 3600 seconds. I think it's due to alarm(3600) that is set after the ssh session is created and also for some "refresh timeout" that I'm not really sure about what it really is.
The timeout seems to be there for "session rekeying" that should take place every hour. However I can't really find code in tinysshd.c that forces any kind of session rekeying serverside, so the client needs to do that?
What's the use for those alarms? Is it really intended for session rekeying and if yes, how should one handle this in combination with OpenSSH on clientside?
OpenSSH_7.3p1 offers no session rekeying after N seconds as far as I can tell. Is it therefore safe to disable those alarms with a patch like this?
--- a/tinyssh/tinysshd.c
+++ b/tinyssh/tinysshd.c
@@ -170,7 +170,7 @@ rekeying:
}
/* note: user is authenticated and authorized */
- alarm(3600);
+ alarm(0);
/* main loop */
for (;;) {
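Review bot: Replacing alarm(3600) with alarm(0) directly after the "user is authenticated and authorized" comment cancels the timer instead of extending it, so an authenticated session no longer has any upper bound on its lifetime. If the aim is only to avoid the one-hour cut-off, a larger or configurable value keeps a bound in place; if the timer is tied to what happens at the rekeying: label, the patch should say how rekeying is triggered once it is gone.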
@@ -237,7 +237,7 @@ rekeying:
/* receive data from network */
if (watch0) {
- alarm(3600); /* refresh timeout */
+ alarm(0); /* refresh timeout */
if (!packet_recv()) {
if (channel_iseof()) break; /* XXX */
die_fatal("unable to receive data from network", 0, 0);
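Review bot: In the watch0 branch, alarm(0) leaves the /* refresh timeout */ comment stale: the call now cancels a pending alarm rather than re-arming it, and it is redundant if the timer was already cancelled before the main loop. Either drop the call together with its comment, or keep a non-zero value here so that a peer that stops sending data is still disconnected after the idle period.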
Thank you for your help.
Where to find your GPG keys to verify tar and git tag signatures?
I cannot find them on tinyssh web page. But you mention to use them:
$ gpg2 --verify 20230101.tar.gz.asc 20230101.tar.gz
gpg: Signature made Sun 01 Jan 2023 02:35:41 AM MSK
gpg: using RSA key D008B0C23D8479E46B9FCB9045DA517496939FF9
gpg: Can't check signature: No public key
Key search D008B0C23D8479E46B9FCB9045DA517496939FF9 from keys.openpgp.org gives https://keys.openpgp.org/vks/v1/by-fingerprint/AADF2EDF5529F1702772C8A2DEC4D246931EF49B which is not usable:
$ gpg2 --import AADF2EDF5529F1702772C8A2DEC4D246931EF49B
gpg: key DEC4D246931EF49B: no user ID
gpg: Total number processed: 1
Also, there's no key at https://github.com/janmojzis.gpg
-----BEGIN PGP PUBLIC KEY BLOCK-----
Note: The keys with the following IDs couldn't be exported and need to be reuploaded DEC4D246931EF49B
=twTO
-----END PGP PUBLIC KEY BLOCK-----
current archlinux, gives me this on a sshfs attempt.. not sure if bug or just a lacking feature?
tinysshd: cVG3YoxN: BUG: (protocol error){channel.c:214}
Not sure about the activity of project but you are a great dev mate!!
I HOPE what seems as a slowdown of activity is simply because of a fairly complete package ,)
love from EUrope to .cz.
Ok, so that line indicates the channel pid is negative in channel_put.
Ignore error above; I didn't have sftp enabled in the tinysshd server. However, once I did, and can sftp in, I still get an error from tinyssh when trying sshfs:
tinysshd: eSIpVRao: BUG: (connection reset){packet_auth.c:57}
l57:
if (!packet_getall(b, SSH_MSG_USERAUTH_REQUEST)) bug();
So some exchange issue, maybe I can browse some more tomorrow when I have more time. Although I don't recall if this is sshfs compatible (man sshfs says it used sftp which is why I realise the former mistake).
It would be nice if a key fingerprint was displayed at host key creation. As it stands now, there is no way to perform the initial fingerprint verification when you connect.
Some of the bounds checks look a little strange. For example the following checks will pass if b->len + len or pos + outlen overflow (long long), violating the buffer bounds defined by b->alloc or len respectively:
https://github.com/janmojzis/tinyssh/blob/master/tinyssh/buf.c#L65
https://github.com/janmojzis/tinyssh/blob/master/tinyssh/packetparser.c#L51
Since signed overflow is undefined, compiling at -O3 without -fwrapv may optimize away a naive test for a+b<0 since both values are checked to be positive by the previous line. (I haven't gotten that to happen on my machine, though.)
The overall codebase is minimal and simple, so these conditions may be unreachable. Still, why not use size_t instead of long long?
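An added example, not part of the original report and not the code at the linked lines: a range check written as an addition beside the overflow-safe subtraction form, for both long long and size_t. All function names are hypothetical, and wrapping_add models the -fwrapv result with unsigned arithmetic so the demonstration itself has no undefined behaviour.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Signed addition as it behaves with wrapping arithmetic (-fwrapv),
 * computed in unsigned so this example never overflows a signed type. */
static long long wrapping_add(long long a, long long b) {
    return (long long)((unsigned long long)a + (unsigned long long)b);
}

/* Addition-style check: "used + want must not exceed limit".
 * Returns 1 when the request is accepted. A huge want makes the sum wrap
 * to a negative number, which is not greater than limit, so it passes. */
static int naive_range_ok(long long used, long long want, long long limit) {
    if (used < 0 || want < 0) return 0;
    if (wrapping_add(used, want) > limit) return 0;
    return 1;
}

/* Subtraction-style check: compare want with the space that is left.
 * With 0 <= used <= limit established first, limit - used cannot overflow. */
static int safe_range_ok(long long used, long long want, long long limit) {
    if (used < 0 || want < 0 || used > limit) return 0;
    return want <= limit - used;
}

/* Switching to size_t makes the wrap well defined but does not remove it:
 * the addition-style check is bypassed in exactly the same way. */
static int naive_size_ok(size_t used, size_t want, size_t limit) {
    return !(used + want > limit);
}

/* The subtraction form is still what makes the check sound with size_t. */
static int safe_size_ok(size_t used, size_t want, size_t limit) {
    if (used > limit) return 0;
    return want <= limit - used;
}

int main(void) {
    /* Constructed values: 10 bytes used in a 4096-byte buffer. */
    printf("naive, long long, want=LLONG_MAX: %d\n",
           naive_range_ok(10, LLONG_MAX, 4096));
    printf("safe,  long long, want=LLONG_MAX: %d\n",
           safe_range_ok(10, LLONG_MAX, 4096));
    printf("naive, size_t,    want=SIZE_MAX:  %d\n",
           naive_size_ok(10, SIZE_MAX, 4096));
    printf("safe,  size_t,    want=SIZE_MAX:  %d\n",
           safe_size_ok(10, SIZE_MAX, 4096));
    return 0;
}
```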
Hi,
I'd like to make a package of tinyssh in Gentoo, but currently it requires a lot of patching to the build system.
Tests should be optional - otherwise it'll break cross compilation. Also portage runs under unprivileged user, so one test will always fail. Also because of that it's now impossible to crosscompile tinyssh.
I'm building tinyssh in a Docker container, inside which the builds run as UID 0. It appears that in this condition, the dropuidgid test fails.
Here's it working as a non-root user:
[regular@c2ca8f4e10b3 upstream]$ ./make-tinyssh.sh
=== Wed Oct 19 01:33:56 UTC 2016 === obtaining compiler
=== Wed Oct 19 01:33:56 UTC 2016 === cc -O3 -fomit-frame-pointer -funroll-loops ok
=== Wed Oct 19 01:33:56 UTC 2016 === finishing
=== Wed Oct 19 01:33:56 UTC 2016 === checking compiler options
=== Wed Oct 19 01:33:56 UTC 2016 === -pedantic ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wall ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wno-long-long ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wno-overlength-strings ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wno-unused-function ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wshadow ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wdeclaration-after-statement ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wwrite-strings ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wmissing-declarations ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wmissing-prototypes ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wstrict-prototypes ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wunused-value ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wunused-parameter ok
=== Wed Oct 19 01:33:56 UTC 2016 === -Wundef ok
=== Wed Oct 19 01:33:56 UTC 2016 === -fstack-protector-strong ok
=== Wed Oct 19 01:33:56 UTC 2016 === -fwrapv ok
=== Wed Oct 19 01:33:56 UTC 2016 === -fno-strict-overflow ok
=== Wed Oct 19 01:33:56 UTC 2016 === cc -O3 -fomit-frame-pointer -funroll-loops -pedantic -Wall -Wno-long-long -Wno-overlength-strings -Wno-unused-function -Wshadow -Wdeclaration-after-statement -Wwrite-strings -Wmissing-declarations -Wmissing-prototypes -Wstrict-prototypes -Wunused-value -Wunused-parameter -Wundef -fstack-protector-strong -fwrapv -fno-strict-overflow
=== Wed Oct 19 01:33:56 UTC 2016 === finishing
=== Wed Oct 19 01:33:56 UTC 2016 === checking libs
=== Wed Oct 19 01:33:56 UTC 2016 === -lutil ok
=== Wed Oct 19 01:33:56 UTC 2016 === -lsocket -lnsl failed
=== Wed Oct 19 01:33:56 UTC 2016 === -lrt ok
=== Wed Oct 19 01:33:56 UTC 2016 === finishing
=== Wed Oct 19 01:33:56 UTC 2016 === checking $LIBS
=== Wed Oct 19 01:33:56 UTC 2016 === finishing
=== Wed Oct 19 01:33:56 UTC 2016 === building sysdep headers
=== Wed Oct 19 01:33:56 UTC 2016 === hasasmvolatilememory.h hasasmvolatilememory.h-yes
=== Wed Oct 19 01:33:56 UTC 2016 === hasmlock.h hasmlock.h-yes
=== Wed Oct 19 01:33:56 UTC 2016 === haslibutilh.h default.h-no
=== Wed Oct 19 01:33:56 UTC 2016 === hasutilh.h default.h-no
=== Wed Oct 19 01:33:57 UTC 2016 === hasopenpty.h hasopenpty.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === haslogintty.h haslogintty.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmpx.h hasutmpx.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmpxupdwtmpx.h hasutmpxupdwtmpx.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmpxsyslen.h default.h-no
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmp.h hasutmp.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmpname.h hasutmpname.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmpuser.h hasutmpuser.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmphost.h hasutmphost.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmptime.h hasutmptime.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmptv.h hasutmptv.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmppid.h hasutmppid.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmptype.h hasutmptype.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmplogwtmp.h hasutmplogwtmp.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === hasutmploginlogout.h hasutmploginlogout.h-yes
=== Wed Oct 19 01:33:57 UTC 2016 === order.h order.h-runtime-little
=== Wed Oct 19 01:33:57 UTC 2016 === finishing
=== Wed Oct 19 01:33:57 UTC 2016 === starting crypto lib
=== Wed Oct 19 01:34:00 UTC 2016 === libtinynacl.a ok
=== Wed Oct 19 01:34:00 UTC 2016 === finishing
=== Wed Oct 19 01:34:00 UTC 2016 === starting crypto headers
=== Wed Oct 19 01:34:00 UTC 2016 === crypto_stream_chacha20.h (tinynacl\n) ok
=== Wed Oct 19 01:34:00 UTC 2016 === crypto_onetimeauth_poly1305.h (tinynacl\n) ok
=== Wed Oct 19 01:34:00 UTC 2016 === crypto_auth_hmacsha256.h (tinynacl\n) ok
=== Wed Oct 19 01:34:00 UTC 2016 === crypto_hash_sha512.h (tinynacl\n) ok
=== Wed Oct 19 01:34:01 UTC 2016 === crypto_hash_sha256.h (tinynacl\n) ok
=== Wed Oct 19 01:34:01 UTC 2016 === crypto_verify_16.h (tinynacl\n) ok
=== Wed Oct 19 01:34:01 UTC 2016 === crypto_verify_32.h (tinynacl\n) ok
=== Wed Oct 19 01:34:01 UTC 2016 === crypto_core_aes256encrypt.h (tinynacl\n) ok
=== Wed Oct 19 01:34:02 UTC 2016 === crypto_scalarmult_curve25519.h (tinynacl\n) ok
=== Wed Oct 19 01:34:03 UTC 2016 === crypto_scalarmult_nistp256.h (tinynacl\n) ok
=== Wed Oct 19 01:34:04 UTC 2016 === crypto_sign_ed25519.h (tinynacl\n) ok
=== Wed Oct 19 01:34:06 UTC 2016 === crypto_sign_nistp256ecdsa.h (tinynacl\n) ok
=== Wed Oct 19 01:34:06 UTC 2016 === finishing
=== Wed Oct 19 01:34:06 UTC 2016 === starting tinyssh objects
=== Wed Oct 19 01:34:06 UTC 2016 === blocking.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === buf.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === byte.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === channel.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === channel_drop.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === channel_fork.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === channel_forkpty.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === channel_subsystem.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === coe.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === connectioninfo.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === die.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === dropuidgid.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === e.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === env.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === getln.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === global.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === iptostr.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === load.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === log.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === loginshell.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === logsys.o ok
=== Wed Oct 19 01:34:07 UTC 2016 === newenv.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === numtostr.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === open.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_auth.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_channel_open.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_channel_recv.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_channel_request.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_channel_send.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_get.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_hello.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_kex.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_kexdh.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packetparser.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_put.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_recv.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_send.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === packet_unimplemented.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === porttostr.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === randommod.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === readall.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === savesync.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === ssh.o ok
=== Wed Oct 19 01:34:08 UTC 2016 === sshcrypto.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_cipher.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_cipher_aesctr.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_cipher_aesctr256.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_cipher_chachapoly.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_kex.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_kex_curve25519.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_kex_nistp256.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_key.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_key_ed25519.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === sshcrypto_key_nistp256ecdsa.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === str.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === stringparser.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === subprocess_auth.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === subprocess_sign.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === tinysshd.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === tinysshd-makekey.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === tinysshd-printkey.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === trymlock.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === writeall.o ok
=== Wed Oct 19 01:34:09 UTC 2016 === tinysshd-makekey.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === tinysshd-printkey.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === tinysshd.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === _tinysshd-printkex.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === _tinysshd-unauthenticated.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === _tinysshd-install.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === _tinysshd-test-hello1.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === _tinysshd-test-hello2.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === _tinysshd-test-kex1.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === _tinysshd-test-kex2.o ok
=== Wed Oct 19 01:34:10 UTC 2016 === finishing
=== Wed Oct 19 01:34:10 UTC 2016 === starting tinyssh-tests
=== Wed Oct 19 01:34:10 UTC 2016 === blockingtest ok
=== Wed Oct 19 01:34:10 UTC 2016 === buftest ok
=== Wed Oct 19 01:34:10 UTC 2016 === bytetest ok
=== Wed Oct 19 01:34:10 UTC 2016 === channel_forktest ok
=== Wed Oct 19 01:34:10 UTC 2016 === channeltest ok
=== Wed Oct 19 01:34:10 UTC 2016 === channel_subsystemtest ok
=== Wed Oct 19 01:34:11 UTC 2016 === coetest ok
=== Wed Oct 19 01:34:11 UTC 2016 === connectioninfotest ok
=== Wed Oct 19 01:34:11 UTC 2016 === dropuidgidtest ok
=== Wed Oct 19 01:34:11 UTC 2016 === envtest ok
=== Wed Oct 19 01:34:11 UTC 2016 === etest ok
=== Wed Oct 19 01:34:11 UTC 2016 === getlntest ok
=== Wed Oct 19 01:34:11 UTC 2016 === globaltest ok
=== Wed Oct 19 01:34:11 UTC 2016 === iptostrtest ok
=== Wed Oct 19 01:34:11 UTC 2016 === loadtest ok
=== Wed Oct 19 01:34:11 UTC 2016 === loginshelltest ok
=== Wed Oct 19 01:34:11 UTC 2016 === logtest ok
=== Wed Oct 19 01:34:11 UTC 2016 === newenvtest ok
=== Wed Oct 19 01:34:11 UTC 2016 === numtostrtest ok
=== Wed Oct 19 01:34:12 UTC 2016 === opentest ok
=== Wed Oct 19 01:34:12 UTC 2016 === packetparsertest ok
=== Wed Oct 19 01:34:12 UTC 2016 === porttostrtest ok
=== Wed Oct 19 01:34:12 UTC 2016 === randommodtest ok
=== Wed Oct 19 01:34:12 UTC 2016 === readalltest ok
=== Wed Oct 19 01:34:12 UTC 2016 === savesynctest ok
=== Wed Oct 19 01:34:12 UTC 2016 === sshcryptotest ok
=== Wed Oct 19 01:34:12 UTC 2016 === sshtest ok
=== Wed Oct 19 01:34:12 UTC 2016 === stringparsertest ok
=== Wed Oct 19 01:34:12 UTC 2016 === strtest ok
=== Wed Oct 19 01:34:13 UTC 2016 === subprocess_authtest ok
=== Wed Oct 19 01:34:13 UTC 2016 === subprocess_signtest ok
=== Wed Oct 19 01:34:13 UTC 2016 === trymlocktest ok
=== Wed Oct 19 01:34:13 UTC 2016 === writealltest ok
=== Wed Oct 19 01:34:13 UTC 2016 === finishing
=== Wed Oct 19 01:34:13 UTC 2016 === starting _tinyssh
=== Wed Oct 19 01:34:13 UTC 2016 === _tinysshd-printkex ok
=== Wed Oct 19 01:34:13 UTC 2016 === _tinysshd-unauthenticated ok
=== Wed Oct 19 01:34:13 UTC 2016 === _tinysshd-install ok
=== Wed Oct 19 01:34:13 UTC 2016 === _tinysshd-test-hello1 ok
=== Wed Oct 19 01:34:13 UTC 2016 === _tinysshd-test-hello2 ok
=== Wed Oct 19 01:34:13 UTC 2016 === _tinysshd-test-kex1 ok
=== Wed Oct 19 01:34:13 UTC 2016 === _tinysshd-test-kex2 ok
=== Wed Oct 19 01:34:13 UTC 2016 === finishing
=== Wed Oct 19 01:34:13 UTC 2016 === starting tinyssh
=== Wed Oct 19 01:34:13 UTC 2016 === tinysshd-makekey ok
=== Wed Oct 19 01:34:13 UTC 2016 === tinysshd-printkey ok
=== Wed Oct 19 01:34:13 UTC 2016 === tinysshd ok
=== Wed Oct 19 01:34:13 UTC 2016 === finishing
=== Wed Oct 19 01:34:13 UTC 2016 === starting tinyssh regression tests
=== Wed Oct 19 01:34:13 UTC 2016 === tinysshd-makekey ok
=== Wed Oct 19 01:34:13 UTC 2016 === tinysshd-printkey ok
=== Wed Oct 19 01:34:14 UTC 2016 === tinysshd ok
=== Wed Oct 19 01:34:14 UTC 2016 === finishing
=== Wed Oct 19 01:34:14 UTC 2016 === starting manpages
=== Wed Oct 19 01:34:14 UTC 2016 === finishing
=== Wed Oct 19 01:34:14 UTC 2016 === counting words of code - tests
=== Wed Oct 19 01:34:14 UTC 2016 === tinyssh-tests 60486
=== Wed Oct 19 01:34:14 UTC 2016 === crypto-tests 9791
=== Wed Oct 19 01:34:14 UTC 2016 === _tinyssh 5473
=== Wed Oct 19 01:34:14 UTC 2016 === 75736 words of code
=== Wed Oct 19 01:34:14 UTC 2016 === finishing
=== Wed Oct 19 01:34:14 UTC 2016 === counting words of code
=== Wed Oct 19 01:34:14 UTC 2016 === sysdep 1195
=== Wed Oct 19 01:34:14 UTC 2016 === tinyssh 40790
=== Wed Oct 19 01:34:14 UTC 2016 === crypto 28077
=== Wed Oct 19 01:34:14 UTC 2016 === 70048 words of code
=== Wed Oct 19 01:34:14 UTC 2016 === finishing
And here's it failing in the identical env, but as root:
[root@c2ca8f4e10b3 upstream]# ./make-tinyssh.sh
=== Wed Oct 19 01:37:30 UTC 2016 === obtaining compiler
=== Wed Oct 19 01:37:30 UTC 2016 === cc -O3 -fomit-frame-pointer -funroll-loops ok
=== Wed Oct 19 01:37:30 UTC 2016 === finishing
=== Wed Oct 19 01:37:30 UTC 2016 === checking compiler options
=== Wed Oct 19 01:37:30 UTC 2016 === -pedantic ok
=== Wed Oct 19 01:37:30 UTC 2016 === -Wall ok
=== Wed Oct 19 01:37:30 UTC 2016 === -Wno-long-long ok
=== Wed Oct 19 01:37:30 UTC 2016 === -Wno-overlength-strings ok
=== Wed Oct 19 01:37:30 UTC 2016 === -Wno-unused-function ok
=== Wed Oct 19 01:37:30 UTC 2016 === -Wshadow ok
=== Wed Oct 19 01:37:30 UTC 2016 === -Wdeclaration-after-statement ok
=== Wed Oct 19 01:37:30 UTC 2016 === -Wwrite-strings ok
=== Wed Oct 19 01:37:31 UTC 2016 === -Wmissing-declarations ok
=== Wed Oct 19 01:37:31 UTC 2016 === -Wmissing-prototypes ok
=== Wed Oct 19 01:37:31 UTC 2016 === -Wstrict-prototypes ok
=== Wed Oct 19 01:37:31 UTC 2016 === -Wunused-value ok
=== Wed Oct 19 01:37:31 UTC 2016 === -Wunused-parameter ok
=== Wed Oct 19 01:37:31 UTC 2016 === -Wundef ok
=== Wed Oct 19 01:37:31 UTC 2016 === -fstack-protector-strong ok
=== Wed Oct 19 01:37:31 UTC 2016 === -fwrapv ok
=== Wed Oct 19 01:37:31 UTC 2016 === -fno-strict-overflow ok
=== Wed Oct 19 01:37:31 UTC 2016 === cc -O3 -fomit-frame-pointer -funroll-loops -pedantic -Wall -Wno-long-long -Wno-overlength-strings -Wno-unused-function -Wshadow -Wdeclaration-after-statement -Wwrite-strings -Wmissing-declarations -Wmissing-prototypes -Wstrict-prototypes -Wunused-value -Wunused-parameter -Wundef -fstack-protector-strong -fwrapv -fno-strict-overflow
=== Wed Oct 19 01:37:31 UTC 2016 === finishing
=== Wed Oct 19 01:37:31 UTC 2016 === checking libs
=== Wed Oct 19 01:37:31 UTC 2016 === -lutil ok
=== Wed Oct 19 01:37:31 UTC 2016 === -lsocket -lnsl failed
=== Wed Oct 19 01:37:31 UTC 2016 === -lrt ok
=== Wed Oct 19 01:37:31 UTC 2016 === finishing
=== Wed Oct 19 01:37:31 UTC 2016 === checking $LIBS
=== Wed Oct 19 01:37:31 UTC 2016 === finishing
=== Wed Oct 19 01:37:31 UTC 2016 === building sysdep headers
=== Wed Oct 19 01:37:31 UTC 2016 === hasasmvolatilememory.h hasasmvolatilememory.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasmlock.h hasmlock.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === haslibutilh.h default.h-no
=== Wed Oct 19 01:37:31 UTC 2016 === hasutilh.h default.h-no
=== Wed Oct 19 01:37:31 UTC 2016 === hasopenpty.h hasopenpty.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === haslogintty.h haslogintty.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmpx.h hasutmpx.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmpxupdwtmpx.h hasutmpxupdwtmpx.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmpxsyslen.h default.h-no
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmp.h hasutmp.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmpname.h hasutmpname.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmpuser.h hasutmpuser.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmphost.h hasutmphost.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmptime.h hasutmptime.h-yes
=== Wed Oct 19 01:37:31 UTC 2016 === hasutmptv.h hasutmptv.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 === hasutmppid.h hasutmppid.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 === hasutmptype.h hasutmptype.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 === hasutmplogwtmp.h hasutmplogwtmp.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 === hasutmploginlogout.h hasutmploginlogout.h-yes
=== Wed Oct 19 01:37:32 UTC 2016 === order.h order.h-runtime-little
=== Wed Oct 19 01:37:32 UTC 2016 === finishing
=== Wed Oct 19 01:37:32 UTC 2016 === starting crypto lib
=== Wed Oct 19 01:37:34 UTC 2016 === libtinynacl.a ok
=== Wed Oct 19 01:37:34 UTC 2016 === finishing
=== Wed Oct 19 01:37:34 UTC 2016 === starting crypto headers
=== Wed Oct 19 01:37:34 UTC 2016 === crypto_stream_chacha20.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 === crypto_onetimeauth_poly1305.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 === crypto_auth_hmacsha256.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 === crypto_hash_sha512.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 === crypto_hash_sha256.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 === crypto_verify_16.h (tinynacl\n) ok
=== Wed Oct 19 01:37:35 UTC 2016 === crypto_verify_32.h (tinynacl\n) ok
=== Wed Oct 19 01:37:36 UTC 2016 === crypto_core_aes256encrypt.h (tinynacl\n) ok
=== Wed Oct 19 01:37:37 UTC 2016 === crypto_scalarmult_curve25519.h (tinynacl\n) ok
=== Wed Oct 19 01:37:38 UTC 2016 === crypto_scalarmult_nistp256.h (tinynacl\n) ok
=== Wed Oct 19 01:37:39 UTC 2016 === crypto_sign_ed25519.h (tinynacl\n) ok
=== Wed Oct 19 01:37:41 UTC 2016 === crypto_sign_nistp256ecdsa.h (tinynacl\n) ok
=== Wed Oct 19 01:37:41 UTC 2016 === finishing
=== Wed Oct 19 01:37:41 UTC 2016 === starting tinyssh objects
=== Wed Oct 19 01:37:41 UTC 2016 === blocking.o ok
=== Wed Oct 19 01:37:41 UTC 2016 === buf.o ok
=== Wed Oct 19 01:37:41 UTC 2016 === byte.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === channel.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === channel_drop.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === channel_fork.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === channel_forkpty.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === channel_subsystem.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === coe.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === connectioninfo.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === die.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === dropuidgid.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === e.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === env.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === getln.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === global.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === iptostr.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === load.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === log.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === loginshell.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === logsys.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === newenv.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === numtostr.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === open.o ok
=== Wed Oct 19 01:37:42 UTC 2016 === packet.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_auth.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_channel_open.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_channel_recv.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_channel_request.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_channel_send.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_get.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_hello.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_kex.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_kexdh.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packetparser.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_put.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_recv.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_send.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === packet_unimplemented.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === porttostr.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === randommod.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === readall.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === savesync.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === ssh.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === sshcrypto.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === sshcrypto_cipher.o ok
=== Wed Oct 19 01:37:43 UTC 2016 === sshcrypto_cipher_aesctr.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === sshcrypto_cipher_aesctr256.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === sshcrypto_cipher_chachapoly.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === sshcrypto_kex.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === sshcrypto_kex_curve25519.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === sshcrypto_kex_nistp256.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === sshcrypto_key.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === sshcrypto_key_ed25519.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === sshcrypto_key_nistp256ecdsa.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === str.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === stringparser.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === subprocess_auth.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === subprocess_sign.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === tinysshd.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === tinysshd-makekey.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === tinysshd-printkey.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === trymlock.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === writeall.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === tinysshd-makekey.o ok
=== Wed Oct 19 01:37:44 UTC 2016 === tinysshd-printkey.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === tinysshd.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === _tinysshd-printkex.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === _tinysshd-unauthenticated.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === _tinysshd-install.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === _tinysshd-test-hello1.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === _tinysshd-test-hello2.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === _tinysshd-test-kex1.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === _tinysshd-test-kex2.o ok
=== Wed Oct 19 01:37:45 UTC 2016 === finishing
=== Wed Oct 19 01:37:45 UTC 2016 === starting tinyssh-tests
=== Wed Oct 19 01:37:45 UTC 2016 === blockingtest ok
=== Wed Oct 19 01:37:45 UTC 2016 === buftest ok
=== Wed Oct 19 01:37:45 UTC 2016 === bytetest ok
=== Wed Oct 19 01:37:45 UTC 2016 === channel_forktest ok
=== Wed Oct 19 01:37:45 UTC 2016 === channeltest ok
=== Wed Oct 19 01:37:46 UTC 2016 === channel_subsystemtest ok
=== Wed Oct 19 01:37:46 UTC 2016 === coetest ok
=== Wed Oct 19 01:37:46 UTC 2016 === connectioninfotest ok
=== Wed Oct 19 01:37:46 UTC 2016 === dropuidgidtest failed ... see the log /opt/build/upstream/build/log
The additional context from the log:
dropuidgidtest.c:43: process exited with status != 0
I adjusted the make-tinyssh.sh script to halt after failing that test, letting me do some stracing of that binary.
The full strace output is here: https://gist.github.com/akerl/9454f8164fa92e2ca216802eee7d7a78
But it looks like the primary issue is that calling setgroups with [123000] returns EINVAL.
I'm a bit confused as to the purpose of this test, since it behaves differently if the user running the test is root vs nonroot. This also led to me checking the code, which appears to fail to support dropping group ID if you don't drop user ID (on https://github.com/janmojzis/tinyssh/blob/master/tinyssh/dropuidgid.c#L21 , the user and group are only changed if the UID needs to be changed, so for example, calling dropuidgid(0, 100) as (0, 0) will return success despite making no change).
The function byte_isequal is a constant-time comparison function that always reads all the bytes to compare.
In function ed25519_parsesignpk, the function byte_isequal is used to compare a string of an arbitrary length (chosen by the interlocutor) to the string literal "ssh-ed25519":
tinyssh/tinyssh/sshcrypto_key_ed25519.c
Line 51 in f5c4179
It seems that a malicious interlocutor can send long strings to be passed to ed25519_parsesignpk in order to cause memory beyond "ssh-ed25519" to be read, with a crash as the consequence.
It is also possible that a malicious interlocutor might obtain all the contents of memory between the place where the string literal "ssh-ed25519" is stored and the first invalid page, one byte at a time, by sending successive strings that start with “ssh-ed25519”.
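An added example, not part of the report above and not tinyssh's code: one way to bound a constant-time comparison against a fixed literal when the other operand is a length-prefixed SSH string whose length the peer chooses. The names keytype_is_ed25519, ct_equal and the PKT_* buffers are hypothetical, and the packets are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEYTYPE     "ssh-ed25519"
#define KEYTYPE_LEN (sizeof(KEYTYPE) - 1)   /* 11, without the trailing NUL */

/* Constant-time equality over exactly len bytes of BOTH buffers.
 * The caller must guarantee that x and y each hold at least len bytes. */
static int ct_equal(const unsigned char *x, const unsigned char *y, size_t len) {
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < len; ++i) diff |= (unsigned char)(x[i] ^ y[i]);
    return diff == 0;
}

/* Returns 1 if buf starts with the SSH string "ssh-ed25519"
 * (uint32 big-endian length followed by that many bytes), else 0. */
int keytype_is_ed25519(const unsigned char *buf, size_t buflen) {
    uint32_t n;

    if (buflen < 4) return 0;                       /* no room for the length field */
    n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
        ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];

    /* The declared length must fit in what was actually received. */
    if (n > buflen - 4) return 0;

    /* The length is chosen by the peer and is not secret, so rejecting on it
     * before the comparison leaks nothing. It also pins the number of bytes
     * read from the literal to the literal's own size. */
    if (n != KEYTYPE_LEN) return 0;

    return ct_equal(buf + 4, (const unsigned char *)KEYTYPE, KEYTYPE_LEN);
}

/* Constructed sample packets. */
static const unsigned char PKT_EXACT[] = {          /* well-formed key type */
    0, 0, 0, 11, 's','s','h','-','e','d','2','5','5','1','9' };
static const unsigned char PKT_LONG[] = {           /* longer string with the same prefix */
    0, 0, 0, 16, 's','s','h','-','e','d','2','5','5','1','9','A','A','A','A','A' };
static const unsigned char PKT_LYING[] = {          /* length field larger than the data */
    0, 0, 0, 255, 's','s','h','-','e','d','2','5','5','1','9' };
static const unsigned char PKT_WRONG[] = {          /* right length, different content */
    0, 0, 0, 11, 's','s','h','-','e','d','2','5','5','1','8' };

int main(void) {
    printf("exact: %d\n", keytype_is_ed25519(PKT_EXACT, sizeof PKT_EXACT));
    printf("long:  %d\n", keytype_is_ed25519(PKT_LONG,  sizeof PKT_LONG));
    printf("lying: %d\n", keytype_is_ed25519(PKT_LYING, sizeof PKT_LYING));
    printf("wrong: %d\n", keytype_is_ed25519(PKT_WRONG, sizeof PKT_WRONG));
    return 0;
}
```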
The banners defined in /etc/issue and /etc/motd are currently not displayed.
It would be great if tinyssh could integrate this feature in the near future as these "disclaimers" are very important for your company.
Similar issue for another SSH daemon: paramiko/paramiko#455
client: OpenSSH 8.5_p1-r1+sctp
server: tinyssh 20190101 launched like this:
/usr/bin/tcpserver -HRDl0 0 22 /usr/sbin/tinysshd -l -s -p -x sftp=/usr/lib64/misc/sftp-server /etc/tinyssh/keys
I have tinysshd running without any problems in Alpine Linux & will be introducing a tinysshd package to Alpine shortly.
Can a switch be added to disable root logins please?
Hello! I hope I didn't wake anyone. No? Good.
Source: https://tinyssh.org/
Wrong | "Postquantum crypto: (...) chacha20-poly1305"; It is certainly not part of the PQ algorithm family but an AEAD. It is out of scope of PQ research. See relevant sources. Post-quantum cryptographic primitive [email protected] and AEAD [email protected] were introduced in OpenSSH respectively in v. 8.5, now as default in v. 9.0, and v. 6.5, promoted as default cipher in v. 6.9. Worth noting: OpenSSL and OpenSSH differ from each other in regard to software policies. OpenSSL, unlike OpenSSH, solely incorporates to its project algorithm implementations which have been standardised by a recognised national or internal standards entity. At this time there is no such standard for NTRU. NIST recently decided not to standardise NTRU. That's instead CRYSTALS-Kyber that was selected for standardisation. I guess that allows this project developer to state So TinySSH is in good company here!
Source: https://tinyssh.org/faq.html
inconsistent | "TinySSH has less than 100000 words of code". It appears to be less than 50000. Take a look at the dust on that page; indeed, no surprise; that's year 2014 in command output! That one I liked. So since you like playing with numbers, let's state here 200000. That gives the project time to let an even thicker layer of dust growing. That's an achievement like another.
non-relevant | "TinySSH is promising ‘no older cryptographic primitives’, but md5 is available in crypto library. What does it mean? (...) since version 20150201 tinysshd-printkey is not using MD5, MD5 removed.". You are a fast-learner aren't you? So take a look at the dust here; that's year 2015. What is your point here? An exhibition of good-old-time memories to amuse us, readers?.
That much for today. All but serious matter.
On arch linux, there are three systemd unit files installed along with tinyssh by default (usr/lib/systemd/system/[email protected], usr/lib/systemd/system/[email protected], and usr/lib/systemd/system/tinysshgenkeys.service, see here). However, the man page (see here) lists two other unit files with very similar but slightly different names. Worse yet, I can't figure out how to get either to work.
If I enable [email protected] and then [email protected] (the two systemctl units that come pre installed with the package), the first one works fine, but then the second one fails. In the systemd logs, it simply says [email protected]: Got no socket. The same thing happens if I run [email protected] and then [email protected] (ie in the other order). It seems that it is creating the socket, but the service isn't actually listening on it correctly for some reason. ss -lx | grep ssh only shows /run/user/0/gnupg/S.gpg-agent.ssh, no socket for ssh. However, I can tell [email protected] is doing something, because nmap identifies port 22 as filtered instead of closed, and ssh-copy-id fails when trying to log in instead of timing out like it would if the port were closed. It just, you know, isn't actually connected to any tinyssh daemon.
What about the unit files described in the man page? Well, glancing quickly over this repo I noticed that the man page is very out of date, but I didn't spot where the unit files in the arch linux package are, so they might be a downstream thing. Anyway, if I add the unit files described in the man page, they also don't work. The error is exactly the same, as long as I remember to stop the other socket.
Finally, just for completeness's sake, if I simply run tinysshd /etc/tinyssh/sshkeydir, it hangs for 1 minute and then kills itself because fatal: closing connection (timed out){main_tinysshd.c:43}
I did generate the server keys and make sure that the two systemd sockets were stopped before trying it.
I'm running tinyssh in a qemu virtual machine, and the arch linux version is built with NaCl "/ TweetNaCl"
When attempting to build with libsodium (as a drop-in libnacl replacement) as suggested in FAQ it does not actually link to libsodium:
export LIBS="-lsodium"
export CFLAGS="-I/usr/include/sodium"
...
=== Mon Aug 22 13:34:51 UTC 2022 === starting crypto headers
=== Mon Aug 22 13:34:51 UTC 2022 === crypto_stream_chacha20.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 === crypto_onetimeauth_poly1305.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 === crypto_hash_sha512.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 === crypto_hash_sha256.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 === crypto_verify_16.h (tinyssh\n) ok
=== Mon Aug 22 13:34:52 UTC 2022 === crypto_verify_32.h (tinyssh\n) ok
=== Mon Aug 22 13:34:53 UTC 2022 === crypto_scalarmult_curve25519.h (tinyssh\n) ok
=== Mon Aug 22 13:34:54 UTC 2022 === crypto_sign_ed25519.h (tinyssh\n) ok
=== Mon Aug 22 13:34:54 UTC 2022 === crypto_sort_uint32.h (tinyssh\n) ok
=== Mon Aug 22 13:34:56 UTC 2022 === crypto_kem_sntrup761.h (tinyssh\n) ok
=== Mon Aug 22 13:34:58 UTC 2022 === crypto_kem_sntrup761x25519.h (tinyssh\n) ok
=== Mon Aug 22 13:34:58 UTC 2022 === finishing
(Also note \n in tinyssh\n).
It seems because of errors like this:
=== Mon Aug 22 13:34:51 UTC 2022 === trying: ext. crypto_stream_chacha20:
In file included from crypto_stream_chacha20test.c:8:
misc.h:9:10: fatal error: crypto_uint8.h: No such file or directory
9 | #include "crypto_uint8.h"
| ^~~~~~~~~~~~~~~~
compilation terminated.
Except for the symbol crypto_verify_16 which is alone linked to libsodium.
Adding -I${PWD}/crypto to CFLAGS fixes the problem:
export LIBS="-lsodium"
export CFLAGS="-I/usr/include/sodium -I${PWD}/crypto"
...
=== Mon Aug 22 13:41:33 UTC 2022 === starting crypto headers
=== Mon Aug 22 13:41:33 UTC 2022 === crypto_stream_chacha20.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 === crypto_onetimeauth_poly1305.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 === crypto_hash_sha512.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 === crypto_hash_sha256.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 === crypto_verify_16.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 === crypto_verify_32.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 === crypto_scalarmult_curve25519.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 === crypto_sign_ed25519.h () ok
=== Mon Aug 22 13:41:34 UTC 2022 === crypto_sort_uint32.h (tinyssh\n) ok
=== Mon Aug 22 13:41:36 UTC 2022 === crypto_kem_sntrup761.h (tinyssh\n) ok
=== Mon Aug 22 13:41:38 UTC 2022 === crypto_kem_sntrup761x25519.h (tinyssh\n) ok
=== Mon Aug 22 13:41:38 UTC 2022 === finishing
DESTDIR=/tmp/tinyssh-release make -C /tmp/tinyssh-build install
make[1]: Entering directory '/tmp/tinyssh-build'
sh -e make-install.sh /tmp/tinyssh-release
=== Wed Jul 27 14:44:12 UTC 2016 === installing bin directory /tmp/tinyssh-release/usr/bin
=== Wed Jul 27 14:44:13 UTC 2016 === installing /tmp/tinyssh-build/build/bin/tinysshd-makekey -> /tmp/tinyssh-release/usr/bin/tinysshd-makekey
=== Wed Jul 27 14:44:13 UTC 2016 === installing /tmp/tinyssh-build/build/bin/tinysshd-printkey -> /tmp/tinyssh-release/usr/bin/tinysshd-printkey
=== Wed Jul 27 14:44:13 UTC 2016 === installing /tmp/tinyssh-build/build/bin/tinysshd -> /tmp/tinyssh-release/usr/bin/tinysshd
=== Wed Jul 27 14:44:13 UTC 2016 === finishing
=== Wed Jul 27 14:44:13 UTC 2016 === installing man directory /tmp/tinyssh-release/usr/share/man
_tinysshd-install: fatal: unable to stat directory /tmp/tinyssh-release/usr/share/man/man1 (file does not exist)
make[1]: *** [Makefile:6: install] Error 111
make[1]: Leaving directory '/tmp/tinyssh-build'
make: *** [Makefile:30: build] Error 2
It looks like this is because the code creates manfiles directly in ${man}, but the install code expects to find it in man/man$n/. Digging in now to see if I can get a clean patch to fix it
I think putty 0.65 and tinyssh have no common algorithm.
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Hi There,
Looking here:
https://github.com/janmojzis/tinyssh#crypto-primitives
it uses "[email protected]" this is I believe the old name and new name removed @libssh.org:
https://github.com/openssh/openssh-portable/blob/6116bd4ed354a71a733c8fd0f0467ce612f12911/kex.h#L63
ThX!
Initially reported (by me) downstream: https://bugs.debian.org/995146
Forwarding here because I reproduced it with 20210601 much quicker than I expected.
See the attached transcript for the exact openssh CLI options I used.
transcript.txt
Not sure if this has already been ruled out because it might need a dep on libfido2 but if not... fido2 resident keys are pretty neato
Generate a key that lives on the actual fido2 device with:
ssh-keygen -t ed25519-sk -O resident
And then when working on a new computer you can load the keys into the current session with just:
ssh-add -K
This very minor bug report is about a signed overflow in numtostr. When n is LLONG_MIN on a 2's complement machine, -n overflows:
Line 24 in 853505f
This is of no practical consequence, except that it triggers warnings in tools used to detect undefined behavior, and these tools are useful to detect the UBs that have more immediate consequences—and are most useful when one doesn't need to investigate reports of currently harmless UB. Also there is no telling what C compilers will be able to do ten years from now in presence of this overflow.
The function has the following structure:
char *numtostr(char *strbuf, long long n) {
...
unsigned long long nn;
int flagsign = 0;
...
if (n < 0) {
n = -n; // <--- signed overflow
flagsign = 1;
}
nn = n;
... // <--- nn is modified here
nn = n;
The shortest but perhaps puzzling fix would be to compute - in the unsigned long long type, converting back to long long when storing the result in n:
if (n < 0) {
n = -(unsigned long long)n;
flagsign = 1;
}
Now there are overflows when converting n to unsigned long long and the result of -(unsigned long long)n back to long long but these are respectively defined and implementation-defined.
A perhaps more readable fix would be to save the absolute value of n, since it is used twice, in an unsigned long long variable.
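An added example, not part of the report above and not tinyssh's numtostr: a self-contained converter written in the second style the report describes, where the absolute value is computed once in unsigned long long and used twice, so LLONG_MIN never triggers a signed negation. The names magnitude, num_to_str, renders_as and NUMBUF_LEN are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NUMBUF_LEN 21   /* '-' + 19 digits + NUL is the longest long long */

/* Absolute value of n as an unsigned value, with no signed overflow.
 * Converting a negative long long to unsigned long long is defined
 * (reduction modulo 2^64), and unsigned subtraction wraps by definition,
 * so LLONG_MIN maps to 2^63 without undefined behaviour. */
static unsigned long long magnitude(long long n) {
    return n < 0 ? 0ULL - (unsigned long long)n : (unsigned long long)n;
}

/* Writes the decimal form of n into strbuf (at least NUMBUF_LEN bytes)
 * and returns strbuf. */
char *num_to_str(char *strbuf, long long n) {
    const unsigned long long abs_n = magnitude(n);
    unsigned long long t;
    size_t len = (n < 0) ? 1 : 0;       /* reserve room for the sign */

    /* First use of the magnitude: count the digits. */
    t = abs_n;
    do { ++len; t /= 10; } while (t != 0);
    strbuf[len] = '\0';

    /* Second use: emit the digits from the least significant end. */
    t = abs_n;
    do { strbuf[--len] = (char)('0' + (int)(t % 10)); t /= 10; } while (t != 0);

    if (n < 0) strbuf[0] = '-';
    return strbuf;
}

/* Helper for checking results: 1 if n renders exactly as expected. */
int renders_as(long long n, const char *expected) {
    char buf[NUMBUF_LEN];
    return strcmp(num_to_str(buf, n), expected) == 0;
}

int main(void) {
    char buf[NUMBUF_LEN];
    printf("%s\n", num_to_str(buf, LLONG_MIN));
    printf("%s\n", num_to_str(buf, LLONG_MAX));
    printf("%s\n", num_to_str(buf, 0));
    return 0;
}
```

Building with -fsanitize=undefined is a quick way to confirm that the LLONG_MIN case no longer produces a signed-overflow report.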
channel_droptest.c:1:10: error: expected '=', ',', ';', 'asm' or 'attribute' before '.' token
emptytest.c
^
=== Sun Aug 20 13:03:22 DST 2017 === channel_droptest failed ... see the log /mnt/c/Users/*****/Desktop/tinyssh-master/build/log
My objective is to build a tinysshd (static build, with musl libc) as small as possible. Performance is not an issue. The ssh client would be a recent ssh from OpenSSH.
Is it possible to easily build tinysshd with only ed25519 / chacha-poly1305 crypto? (ie. no nistp256ecdsa, no aes)
I have seen an old HackerNews post mentioning TweetNacl ( https://news.ycombinator.com/item?id=7727738 ) -- Is it still possible to build tinysshd with tweetnacl?
Thanks for Tinysshd!
Phil
This is the build log: https://gist.github.com/neheb/0c11d413757bcb5957e39561e6803039
It seems the proper include directory is not there.
I have no real time to work on this, thus posting it here.
It's been half a year since I implemented an option to allow SSH guest logins for TinySSH. I created a pull request but it has still not received any reviews nor has it been merged.
Is there any reason for delaying this? It would be helpful to have at least a discussion regarding this enhancement. I would prefer not to create my own fork of TinySSH as a long term solution.
Could you set your git name and your git email to your registered email here on GitHub?
Are there any plans to add support for authentication agent forwarding?
I have a herd of SBCs (perfect for TinySSH) that I sometimes have to access via bastion. Currently the only way to access them would be to put the private key on the bastion, which is less than ideal.
Hello,
I think it could be very useful to add directly in this project the possibility of converting openssh keys to tinyssh format with a different binary file (tinyssh-convert) so you do not have a big binary (tinyssh).
I know that there is already an unofficial and functional project here : https://github.com/ansemjo/tinyssh-convert but no distribution includes it.
For information : domain dead at the bottom of page https://tinyssh.org/faq.html : https://git.semjonov.de/ansemjo/tinyssh-convert
Is it possible to compile tinyssh on Windows? For example on Cygwin?
Hi, I installed this server on my raspberry pi, but, which client should I use? (I use git, so I need to have ssh client to do pushes)
=== Thu May 26 19:42:23 GMT 2016 === numtostrtest ok
=== Thu May 26 19:42:23 GMT 2016 === opentest failed ... see the log /tmp/tinyssh-master/build/log
build.log:
=== Thu May 26 19:42:23 GMT 2016 === newenvtest ok
numtostrtest.c:299:8: warning: integer constant is so large that it is unsigned [enabled by default]
{ -9223372036854775808LL, "-9223372036854775808" },
^
numtostrtest.c:299:5: warning: this decimal constant is unsigned only in ISO C90 [enabled by default]
{ -9223372036854775808LL, "-9223372036854775808" },
^
=== Thu May 26 19:42:23 GMT 2016 === numtostrtest ok
opentest.c:62: process exited with status = 0
When I follow the Steps in https://tinyssh.org/install.html, I'll get the Error "tinysshd regression test failed" running make:
make.log.txt
Running "diff tinysshd.out tinysshd.exp" says:
480c480
< unable to send kex-message (broken pipe)
---
> unable to receive kex-message (connection reset)
Am I correct in assuming that this implementation of post quantum crypto only affects the key exchange?
https://github.com/janmojzis/tinyssh/blob/master/PROTOCOL.sntrup4591761x25519-sha512
If so, wouldn't this be only an experiment without adding security since the authentication of the server is still done using rsa (or other non-post-quantum algorithms)?
Meaning if someone has a quantum computer with the necessary size to break e.g. rsa 3072 that someone could circumvent the current use of post-quantum crypto key exchange by a man in the middle attack and forging the then broken rsa Key of the server.
Is this assumption correct?
If so what is the use case of the current implementation?
It appears that [email protected] was removed from OpenSSH, and replaced with [email protected], at the behest of Daniel J. Bernstein.
"Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761."
Can this key exchange be implemented in tinyssh?
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kexsntrup761x25519.c
Hi guys. I'm trying to build tinyssh from source (apt source tinysshd) in Ubuntu 20.04.2 (amd64) using crosscompiler
CC=aarch64-linux-gnu-gcc make
for ARMv8
before make I did sudo apt-get build-dep tinyssh, but it did not help much.
Build fails on libtinynacl.a failed ... see the log /home/user/tinyssh-20190101/build/log
First it wanted libutil.h, so I installed sudo apt install libutil-freebsd-dev
But it wants a lot of other includes...
Are there any build images? How could I find necessary libs and headers for build?
In file included from haslibutilh.h-yes.c:2:
/usr/include/libutil.h:43:10: fatal error: sys/_types.h: No such file or directory
43 | #include <sys/_types.h>
| ^~~~~~~~~~~~~~
compilation terminated.
hasutilh.h-yes.c:2:10: fatal error: util.h: No such file or directory
2 | #include <util.h>
| ^~~~~~~~
compilation terminated.
hasutmpxupdwtmpx.h-yes.c: In function 'foo':
hasutmpxupdwtmpx.h-yes.c:6:5: warning: implicit declaration of function 'updwtmpx' [-Wimplicit-function-declaration]
6 | updwtmpx("/nonexistent", &ut);
| ^~~~~~~~
hasutmpxsyslen.h-yes.c: In function 'main':
hasutmpxsyslen.h-yes.c:7:14: error: 'struct utmpx' has no member named 'ut_syslen'
7 | return ut.ut_syslen;
| ^
hasutmpxsyslen.h-yes.c:6:18: warning: variable 'ut' set but not used [-Wunused-but-set-variable]
6 | struct utmpx ut = {0};
| ^~
hasutmp.h-yes.c: In function 'main':
hasutmp.h-yes.c:8:17: warning: unused variable 'ut' [-Wunused-variable]
8 | struct utmp ut = {0};
| ^~
hasutmptype.h-yes.c: In function 'main':
hasutmptype.h-yes.c:8:17: warning: variable 'ut' set but not used [-Wunused-but-set-variable]
8 | struct utmp ut;
| ^~
=== Wed May 26 16:08:35 2021 === finishing
=== Wed May 26 16:08:35 2021 === starting crypto lib
cleanup.c:2:10: fatal error: hasasmvolatilememory.h: No such file or directory
2 | #include "hasasmvolatilememory.h"
| ^~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
=== Wed May 26 16:08:36 2021 === libtinynacl.a failed ... see the log /home/user/tinyssh-20190101/build/log
Given that tinyssh already supports channels in which stdin/stdout are from an external binary (e.g. bash), is there any reason not to add SFTP support? It would require openssh's sftp-server binary, and a bit of code to accept the sftp channel type and run the sftp-server binary as the logged in user, but all of the support code for that is already in place.
N/A
Hi,
I looked for an equivalent to mkinitcpio-tinyssh for debian and could not find it anywhere.
I made a quick one using initramfs-tools based on the already existing dropbear hooks and the Arch one.
Sharing it here for future users, feel free to include it in your repo if you wish.