[Cerowrt-devel] Available MACs in dropbear

Maciej Soltysiak maciej at soltysiak.com
Fri Oct 24 13:31:05 EDT 2014


Hi list,

For some reason dropbear doesn't have modern MACs for SSH. On cero
3.10.36 I've got Dropbear SSH client v2013.59:

root at cerowrt:/etc# ssh -m help
ssh: Available MACs:
hmac-sha1-96,hmac-sha1,hmac-md5

(MD5 BTW...)
However, dropbear since v2013.56 has support for sha2
(https://matt.ucc.asn.au/dropbear/CHANGES):
Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h)

It might be that we don't have it enabled in the cero build.

The reason why it hurts me is that I have servers configured according
to bettercrypto.org and I can't connect from cero (rare occasions, but
they happen). I get:

ssh: Connection to user at server.com:22 exited: No matching algo mac c->s

I apologize for not looking at github, but I'm really low on time :-((

Do we have sha2 in dropbear in later cero versions or do we have to
modify the build?

I wonder what openwrt has configured...

Best regards,
Maciej



More information about the Cerowrt-devel mailing list