I've built dropbear with curve25519 and all the options that belong to it (Elliptic curve cryptography, full support).
I burned this firmware to the router, tested ssh at https://www.sshaudit.com/ and see that dropbear only supports "ecdsa-sha2-nistp256" and "ssh-rsa (2048-bit)" host key types. How can I configure dropbear to use only the "ssh-ed25519" host key type?
Can you post the full error and where it came from? Uci? Web luci interface? My guess is the service script for dropbear might need changing:
I don't have any error; I'm concerned that, according to ssh audit, my dropbear ssh server supports only these Host Key Types (which may have security problems):
ecdsa-sha2-nistp256 ssh-rsa (2048-bit)
And I can't figure out how to enable
host key type?
Re-reading the dropbear init script again, you might just need to generate the 25519 host key file, and reload/restart dropbear.
If that’s what it is, /usr/bin/dropbearkey with some switches/flags should be able to create that for you.
Did you manage to get this working?
No, I couldn't.
root@OpenWrt:~# /usr/bin/dropbearkey -t ed25519 -f /tmp/dropbear_hostkey_ed25519
Unknown key type 'ed25519'
I couldn't generate host key type ed25519 with dropbearkey. I heard that I can generate the host key outside of OpenWrt, convert it to dropbear format and copy it to the router. Is that correct? How can I do that?
Your thread got my interest and I tried and got the same error with dropbearkey as well.
There looks to be active development on the GitHub project https://github.com/mkj/dropbear/pull/91; once that gets merged and filters through to the next OpenWrt build, it would definitely be worth a try.