SSH/SSL/TLS SFTP HTTPS suite needed for on Devboard_82
- To: <email@example.com>
- Subject: SSH/SSL/TLS SFTP HTTPS suite needed for on Devboard_82
- From: "Erich W. Gunther" <firstname.lastname@example.org>
- Date: Wed, 7 Jan 2004 11:25:19 -0500
- Sender: email@example.com
- Thread-index: AcPVM+saoYfp2iGSTdSaDXQi/95A0gAADV0wAAE+AoA=
- Thread-topic: SSH/SSL/TLS SFTP HTTPS suite needed for on Devboard_82
Hello all. I am a newbie to this list and ETRAX development but I just
wanted to report that I was able to use the Makefile provided by
Friedrich Lobenstock to successfully build Dropbear on the first try!
I still need to find a way to implement secure FTP and HTTPS on the
ETRAX platform however. I have to completely eliminate the insecure
ftp, http, and telnet protocols from this platform. I just can't
implement embedded systems with insecure protocols any more - I suspect
that most embedded developers are running into this situation.
Here is what I have found so far.
I think I successfully built the OpenSSL libraries and SSL program after
a lot of messing around with Makefiles.
I am considering using the GoAhead web server because it claims to work
with the OpenSSL libraries to implement HTTPS. I don't see any support
forthcoming for HTTPS in Boa. Does anyone have a better recommendation
on how to implement HTTPS?
I still have not been able to build OpenSSH but I solved that by using
Dropbear instead - love it. I have not been able to get a secure FTP
server implementation to work yet. Can anyone help me out there?
Once I have a workable SFTP server, I will need to figure out how to
implement the remote firmware upgrade capability in it like that
provided by the FTP server that comes with the development kit which I
will have to disable to finish securing the box.
In the future, it would be really nice if the AXIS development kit came
with such a secure set of communications interfaces instead of the
From: firstname.lastname@example.org [mailto:email@example.com] On
Behalf Of Friedrich Lobenstock
Sent: Wednesday, January 07, 2004 10:04 AM
To: Axis Etrax Mailing Liste
Subject: Re: [APPS] dropbear-0.39 (SSHD) for devboard_82 R1_91
*As the Axis mailing list seems to be alive again and nobody
reacted on my offer, here the posting to this list*
Pieter Grimmerink wrote on 06.01.2004 15:39 MET:
> On Friday 19 December 2003 16:32, Friedrich Lobenstock wrote:
>>One reason why I created the keys on the host is also that I don't
>>have to clean up .ssh/known_hosts after each flash to the developer
>>system - the keys do not get overwritten once created.
> And these existing keys won't work anymore after an update?
> I mean, why do the known_hosts have to be deleted?
If you create a new host key every time you've flashed the developer
board you will get such warnings:
5790: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
5790: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
5790: Someone could be eavesdropping on you right now (man-in-the-middle
5790: It is also possible that the RSA host key has just been changed.
5790: The fingerprint for the RSA key sent by the remote host is
5790: Please contact your system administrator.
5790: Add correct host key in /home/fl/.ssh/known_hosts to get rid of
5790: Offending key in /home/fl/.ssh/known_hosts:56
5790: RSA host key for 192.168.1.254 has changed and you have requested
5790: Host key verification failed.
To save one from deleting the offending line from .ssh/known_hosts
testing I've decided to create the keys on the developer host which will
not be overwritten during recompiles (only a 'make mrproper' would do
> By the way, when I compile dropbear-0.39 with your wrapper makefile, I
> following error when the key-tool is configured:
> touch -c dropbear-0.39/.config.key
> [ ! -e dropbear-0.39/.config.key ] && ( \
> cd dropbear-0.39; \
> autoconf; \
> ./configure \
> --disable-zlib --disable-shadow --disable-lastlog \
> --disable-utmp --disable-utmpx --disable-wtmp \
> --disable-wtmpx --disable-libutil --disable-pututline \
> --disable-pututxline \
> --prefix=/usr \
> checking for gcc... gcc-cris -isystem
> /home/pieter/devboard_82/target/cris-axis-linux-gnu/include -mlinux
> checking for C compiler default output... a.out
> checking whether the C compiler works... configure: error: cannot run
> compiled programs.
> If you meant to cross compile, use `--host'.
> So it still uses gcc-cris, even though this executable should be
> the development host I guess.
> Does this work for you, without a CC=gcc parameter for the configure
I think I've still a little problem in this Makefile. Can you please
try running 'make clean' first.
MfG / Regards
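
How an SSH client arrives at the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning quoted in the thread, shown as an added shell example that is not part of the original posts or of Dropbear. The function names and the sample known_hosts contents are constructed for illustration; only the address 192.168.1.254 comes from the thread.

```shell
#!/bin/sh
# Added example. Classifies the key a host presents against a known_hosts file:
#   match          - host already listed with exactly this key
#   changed:<line> - host listed with a different key of the same type
#                    (the "Offending key in ...known_hosts:<line>" case)
#   unknown        - no plain-text entry for this host and key type
# Hashed (|1|...) and marker (@...) entries are skipped in this sketch.
check_known_host() {
    kh_file=$1; host=$2; keytype=$3; keyblob=$4
    awk -v host="$host" -v kt="$keytype" -v kb="$keyblob" '
        NF < 3 || $1 ~ /^[#@|]/ { next }
        {
            n = split($1, names, ",")      # one entry may list several names
            for (i = 1; i <= n; i++) {
                if (names[i] != host || $2 != kt) continue
                if ($3 == kb) { found = 1; exit }
                if (!offending) offending = NR
            }
        }
        END {
            if (found)          print "match"
            else if (offending) print "changed:" offending
            else                print "unknown"
        }
    ' "$kh_file"
}

# Constructed sample file; the key blobs are placeholders, not real keys.
write_sample_known_hosts() {
    cat > "$1" <<'EOF'
# constructed known_hosts sample
build.example,10.0.0.5 ssh-rsa AAAAconstructedBUILDkey
192.168.1.254 ssh-rsa AAAAconstructedOLDkey
|1|constructedsalt|constructedhash ssh-rsa AAAAconstructedHASHEDkey
EOF
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
write_sample_known_hosts "$sample"
# Board reflashed with a freshly generated host key: line 3 no longer matches.
check_known_host "$sample" 192.168.1.254 ssh-rsa AAAAconstructedNEWkey   # changed:3
# Board reflashed with the host key that was kept on the development host.
check_known_host "$sample" 192.168.1.254 ssh-rsa AAAAconstructedOLDkey   # match
```

A "changed" result after a reflash is expected only when the image carried a newly generated key; with a persistent key, the same result on a deployed board is worth investigating rather than clearing.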