Dropbear SSH Server on Slackware
One of the hidden gems included in the Slackware 14.2 Installation DVD is Dropbear SSH.
Prior to discovering Dropbear SSH on the Slackware Installer, I’d never heard of it.
From https://matt.ucc.asn.au/dropbear/dropbear.html :
Dropbear is a relatively small SSH server and client. It runs on a variety of POSIX-based platforms. Dropbear is open source software, distributed under a MIT-style license. Dropbear is particularly useful for “embedded”-type Linux (or other Unix) systems, such as wireless routers.
There’s lots of good stuff that you can do if you can fire up an SSH server as soon as you boot a Linux installation. Eric Hameleers wrote in more depth about that, in post “Remote installation of Slackware using ssh”, back on January 24, 2010.
I think just knowing that Dropbear is there for you when you boot the Slackware Installer is half the battle.
Here’s a contrived example of how this can come in handy: unless you install VirtualBox guest extensions, it’s simply not possible to copy and paste into an out of a terminal window in a VirtualBox virtual machine. But, if you can SSH into a VirtualBox virtual machine, you can copy and paste commands until your heart’s content, without needing to install guest extensions. This is a simple and quick way to get copy & paste in the Slackware Installation environment.
Here’s how I start Dropbear manually.
Grab an IP address via DHCP. This shows grabbing an IP address via on a NAT’ed NIC on a VirtualBox machine:
Set a password for the root user:
Start the Dropbear SSH server:
Now, I just bound that Dropbear SSH server to a NAT’ed NIC. It got the IP address 10.0.2.15 from DHCP, but…it isn’t going to do me any good without setting up some port forwarding in VirtualBox. (That’s a different story, of course, if I had used a “Bridged” NIC.)
This configures VirtualBox so that if I ssh to port 2222 on my host machine, the connection will get forwarded to port 22 on my virtual machine, which is where my new Dropbear SSH server is listening for connections.
Here’s my first SSH connection attempt from my host:
This is where the Slackware 14.2 Installer is showing its age. We can see here that the Dropbear SSH server only offered us a Diffie-Helman key exchange using SHA1, and SHA1 is no longer safe to use. I happen to be attempting to connect from a machine with an updated SSH client, and it is doing its best to save me from doing something stupid.
This is a chance I’m willing to take, since I’m just connecting from my bare metal machine to a local VM. But, if I was making a network connection that I expected to leave my bare metal machine and traverse over any network, I would not continue.
Side note: Slackware64-current has an up to date Dropbear SSH server. Its slackbuild is located here. If I really needed Dropbear to be secure on 14.2, it would be trivial to build an updated copy and drop it onto a custom DVD, but that is beyond the scope of this post.
Anyways, like I said, in this scenario I’m OK with taking a calculated risk and continuing with a Diffie-Helman key exchange using SHA1.
