netutils/dropbear: initial Dropbear SSH server port for NuttX #3561

Open
FelipeMdeO wants to merge 1 commit into apache:master from FelipeMdeO:feature/dropbear-esp32c3-port
FelipeMdeO commented Jun 25, 2026

Contributor

Summary

This PR is the first step of the Dropbear port to Apache NuttX.

At this stage, the port still uses Dropbear’s internal cryptographic library. Only the password-checking routines have been adapted to use native NuttX mechanisms.

As a second step, this application will be improved to use the cryptographic libraries provided by NuttX instead of Dropbear’s own crypto implementation.

With this application, a user can establish SSH connections to the hardware, allowing remote access to the system.

The documentation is already added to the mainline: PR#19190
Also, the defconfig you need to be able to test is available in the following commit: apache/nuttx#19062

This PR is a "reboot" of #3532. The first try added steps 1 and 2 in the same PR, adding a long discussion, so I dropped the old PR and opened a clean PR here, ready for review.

Impact

New board configuration: the dropbear defconfig is additive and does not affect any existing configuration.
No issues are expected to be added by this code.

Testing

Host: Linux x86_64, GCC RISC-V toolchain
Board: ESP32-C3 DevKit (rev 0.4)

Build:

./tools/configure.sh esp32c3-devkit:dropbear
make -j$(nproc)
<setup wifi ssid and pass>
make flash ESPTOOL_PORT=/dev/ttyUSB0

First-time user provisioning (serial console):

The NuttX passwd file lives on SPIFFS (/data/passwd) and is empty on a
fresh flash. Before the first SSH login, create a user from the NSH
serial console:

nsh> useradd root <password>

The ECDSA host key is generated automatically on first boot.

Boot log shows Dropbear listening after Wi-Fi association:

NuttShell (NSH) NuttX-12.6.0
nsh> loaded ECDSA P-256 host key from /data/dropbear_ecdsa_host_key
     using NuttX passwd auth at /data/passwd
     dropbear: listening on port 2222

SSH connection from the host:

$ ssh -p 2222 root@<board-ip>
root@<board-ip>'s password: <password>
NuttShell (NSH) NuttX-12.6.0
nsh>

Integrated SSH daemon authenticating against FSUTILS_PASSWD, with an
ECDSA P-256 host key and an NSH session over a PTY per connection. Built
from the upstream Dropbear tarball (pinned commit) and patched for
NuttX, using Dropbear's bundled libtomcrypt for all crypto. setsid()
(apache/nuttx#19184) and link() now come from NuttX, not local stubs.

Signed-off-by: Felipe Moura <moura.fmo@gmail.com>
@FelipeMdeO

Contributor Author

@xiaoxiang781216, @acassis, @linguini1, I dropped PR #3532 and this takes its place.

FelipeMdeO commented Jun 26, 2026

Contributor Author

Hello @xiaoxiang781216, about apache/nuttx#19179: it will have an impact if we try to use scp, right?

I kept scp always disabled because it may be dropped in Dropbear mainline: mkj/dropbear#442

But if we want to use this feature, I can change the code after your branch gets merged.
