Ubuntu

How can I convert my openssh keys to be used with dropbear?

Asked by Uqbar

I need to convert some of my openssh keys so I can use them with dropbear ssh server.
How can I do it?
Thanks.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Micke Löfstrand
Solved:
Last query:
Last reply:
Revision history for this message
Micke Löfstrand (mikaelld) said : 		#1

Apparently this is the way to do it:
    dropbearconvert openssh dropbear openssh.key dropbear.key

Reference: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2004q4/000131.html

Revision history for this message
Uqbar (uqbar) said : 		#2

And where on earth is dropbearconvert?

Revision history for this message
Best Micke Löfstrand (mikaelld) said : 		#3

/usr/lib/dropbear/dropbearconvert

There's a couple of easy ways to find such things out for yourself:

 + use locate (ie locate <filename>)
 + dpkg -L dropbear | grep dropbearconvert
 + Go to http://packages.ubuntu.com/ and search for packages containg files named like dropbearconvert in distribution lucid

Link from search on packages...: http://packages.ubuntu.com/search?searchon=contents&keywords=dropbearconvert&mode=exactfilename&suite=lucid&arch=any

Revision history for this message
Uqbar (uqbar) said : 		#4

Good answer.
II normally expect tools to be available in $PATH and not to be digged out with locate!
Anyway, I created a symlink in /usr/bin for ease of use.

Revision history for this message
Uqbar (uqbar) said : 		#5

Thanks Mikael Löfstrand, that solved my question.

Revision history for this message
Peter Antoniac (pan1nx) said : 		#6

There is a reason why it is there (and not in your path). It is because it has security issues:

CAUTION: This program is for convenience only, and is not secure if used on
untrusted input files, ie it could allow arbitrary code execution.
All parameters must be specified in order.

Revision history for this message
Uqbar (uqbar) said : 		#7

I don't think that hiding troublesome tools somewhere is a good move towards better security.
I'd rather make its installation optional with that alert displayed and confirmation asked.
I'm pretty sure there are dozens of other buggy piece of software which can "allow arbitrary code execution". And they still sit in $PATH directories.
In my opinion that tool should definitely go in /usr/bin or anywhere else a "standard" $PATH would make it available.