[Raion]

After wrestling with openssh I've decided that it's not really worth keeping it up to date. I even tried the old neko_ssh and found out that literally it takes nearly 3 times as much CPU and memory compared to dropbear. 

Dropbear is MIT Licensed and will keep patches upstream for IRIX.

However because I personally think that it's not wise to keep ourselves tied to a single implementation I'm gonna try and get wolfssh working too. This is GPLv3 but one benefit about this is that it does offer SFTP support if you require that; personally I just use FTP over SSL or SCP or in some rare cases, plain ftp. 

I'm going to eventually try to find other examples of common utilities that are implemented elsewhere just so that we have diversity of these areas.

[mgtremaine]

Dropbear sounds like a good idea. I can't speak for others but SFTP is no major loss, when I move files like that it's generally scp. I can see an endpoint needing sftp but I don't think these system should be exposed directly to the internet and I have NFS mounts for most of my file moving needs. Outside of routers I've not used dropbear for anything how is the X11 forwarding? That would really be the only thing that I would really require. (Port Forwarding in theory also but in practice I'm not going to tunnel something to my o2)

-Mike

[Raion]

Allegedly supports X11 forwarding, never tried it, and my main servers are too slow to get a reliable view of it.

I'm currently working on a few issues with dropbear before I call it good. I'll be releasing init scripts and detailed instructions.

[Raion]

WolfSSH didn't get far; both GCC and C99 failed with WolfSSL, its main dependency. It's a shame, but I'm not surprised.

I have a partially working build of dropbear installed, the client works fine, the server however has some issues. I'll get to the bottom of it and find a working version.

[Raion]

I have found a working version of Dropbear in the interim; until the upstream and I figure out this SIGCLD issue in the latest.

What happens is that the server doesn't close SSH sessions out properly.

The version of Dropbear I've gotten is from 2013, I'm trying other versions too, but this one worked excellently and it's still a better alternative to the OpenSSH in nekoware, and MUCH faster.

It builds out of the box on MIPSPro. You can check my development log for the version.

Once I've figured out some versions that work, I'll release full instructions and an initscript for IRIX.

Thank you guys for your patience. This has been eating me alive.

[Raion]

The 2013 Dropbear I'm currently compiling with -O3 for max speed and I will eventually release a tardist for it, but it won't be right away.

initscript is under construction, but I may revert to inetd for controlling it.

I've gotten prior versions working, but not later versions. I guess we're stuck until I can get some help from the upstream OR someone comes out of the woodwork to get a later version working. I've added the "Buggy" build still, so that people can replicate/test.

Just so you know, GCC doesn't solve that problem. It does fix some minor compilation bugs for some files, but that doesn't fix the SIGCLD issue.

[Raion]

Okay, so while the highly optimized dropbear is testing and the like, I thought I'd document and address Dropbear's working state, and more:

https://mirror.dropbear.nl/mirror/releases/

For reference, keep this URL handy.

2013.62 is the LATEST that I've managed to compile under mipspro or gcc without code hacking.

2014.63 introduces the basename symbol in dbutil.c, which doesn't exist in IRIX. This doesn't get addressed until 2017.75 or thereabouts, when it no longer is an issue. However, a few issues emerge here:

1. There's coding issues in the tomcrypt/tommath included that break it under mipspro. I have mixed GCC and MIPSPro objects to try and fix this, but it doesn't... quite sit well with me. There's also the SIGCLD issues.
2. IOV_MAX/UIO_MAXIOV is used and doesn't work on IRIX out of the box. I finally looked around and found some lighttpd code:

https://github.com/lighttpd/lighttpd2/bl...k_writev.c

Lines 10-12 note:
# elif defined(__sgi)
/* IRIX 6.5 has sysconf(_SC_IOV_MAX) which might return 512 or bigger */
# define UIO_MAXIOV 512

Adding this definition to netio.c fixes that, but the SIGCLD issue that causes dropbear to not close connections properly for client connections and scp connections remains.

You can read my posts here: https://lists.ucc.gu.uwa.edu.au/pipermai...hread.html

For some reason I'm having issues loading libtom's Google Groups: https://groups.google.com/forum/#!forum/libtom but I did submit an issue for upstream issues with mipspro on various ciphers and base64 code. It appears that it wasn't mod-approved yet last it was loading.

For now, my goal is to simply get the most optimized dropbear I can out in the wild, eventually tardist it and get things on track for this.

If Dropbear doesn't help, for whatever reason, with fixing this, it's not the end of the world. I can try backporting the changes from later versions and fork dropbear into my own project. I'd rather not due that; but unlike say, forking GCC, it's something that I could realistically handle.

For now, if there's anyone who can shed some light or wants to try for themselves, be my guest. I fear I'm oftentimes too much of a moron for this, but I am truly trying if nothing else.

[dexter1]

For fixing compiling libtomcrypt under MIPSpro, you need to find a solution for the empty map_base64url char array defined in line 46 in https://github.com/mkj/dropbear/blob/mas...4_decode.c
I think this is a gcc-ism by allowing you to declare an empty char array if the macro symbol LTC_BASE64_URL is not set.
Try removing the #if defined(LTC_BASE64_URL) and its #endif and let it be declared fully as

Code:

static const unsigned char map_base64url[256] = {

Note the 256 in the square brackets.

In the event that this fails horribly, you can hunt for a more simpler base64_decode.c code snippet.

[Raion]

indeed, that's an issue that I've been playing with. That doesn't, even if you hack it though, solve the SIGCLD issues. You can check out my "buggy" build to see the behavior that I'm talking about.

[Raion]

Working with user solidcore on dropbear still. We're getting close to figuring out these SIGCLD issues.

The issue is that Dropbear is trying to do a BSD-like SIGCHLD which causes zombie processes on IRIX