Replace dropbear ssh with openssh

dpomponi
Posted: Sun May 17, 2020 18:16    Post subject: Replace dropbear ssh with openssh
Dear community,

I'm configuring my router in order to run sshuttle (python package) because I'd like to forward part of the traffic from my local network to a remote server transparently.

This is the command I'm running:

Quote:
sshuttle -v -l 0.0.0.0 --dns -vr user@remoteserver 10.10.10.0/24


Basically all the traffic with target 10.10.10.0/24 is forwarded through the remote server. Everything is working: it automatically generates all the rules for the firewall, and indeed all the hosts connected to the network are able to reach the hosts in 10.10.10.0/24.

Since everything is working, I wanted to run sshuttle in the background using the following script:

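Code:
#!/bin/sh
# Start or stop the sshuttle tunnel; usage: <script> connect|disconnect

case "$1" in
    connect)
        # --pidfile records the daemon's PID for the disconnect branch
        sshuttle -v -l 0.0.0.0 --dns -vr user@remoteserver 10.10.10.0/24 --daemon --pidfile /tmp/root/sshuttle.pid
    ;;
    disconnect)
        kill "$(cat /tmp/root/sshuttle.pid)"
    ;;
    *)
        # unknown option
        echo "usage: $0 connect|disconnect" >&2
        exit 1
    ;;
esac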


It's really a simple script which accepts two parameters: connect or disconnect.

Unfortunately, here I started to have trouble due to the flag --daemon: sshuttle stops just after asking for the password for the remote server.

The flag --daemon is used to run sshuttle in foreground. Following some debugging using strace, I noticed that sshuttle starts the process and, when it arrives at the point of opening the ssh connection to the remote server, it clones the process and generates a child calling the default ssh client provided by dropbear. (This doesn't happen when you launch sshuttle without --daemon.)

Quote:
getsockname(9, {sa_family=AF_UNIX}, [128->2]) = 0
getsockname(10, {sa_family=AF_UNIX}, [128->2]) = 0
fcntl64(9, F_DUPFD_CLOEXEC, 0) = 11
fcntl64(9, F_DUPFD_CLOEXEC, 0) = 12
close(9) = 0
write(2, "c : executing: ['ssh', 'username"..., 270) = 270
pipe2([9, 13], O_CLOEXEC) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb6fe3828) =7998
close(13) = 0
read(9, "", 50000) = 0
close(9) = 0
close(11) = 0
close(12) = 0
send(10, "import sys\nimport zlib\nimport im"..., 1106, 0) = 1106
send(10, "sshuttle\n7\nx\1\0\0\0\377\377sshuttle.cmdli"..., 13012, 0) = 13012
write(2, "c : > channel=0 cmd=PING len=7 "..., 45) = 45
recv(10, Password:


Quote:
root@DD-WRT-R9000:~# cat /proc/7998/cmdline
user@remoteserver--exec /bin/sh -c 'P=python3; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=2; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1106), "assembler.py", "exec"))'"'"''


Following some tests I understood that sshuttle doesn't like the SSH provided by dropbear; indeed, if I modify the command generated by sshuttle, specifying to use openssh and bash, everything works as it should:

Quote:
/opt/bin/ssh user@remoteserver -exec /bin/bash -c 'P=python3; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=2; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1106), "assembler.py", "exec"))'"'"''


Following all this explanation my question is:

How can I replace dropbear ssh with openssh?

When I say replace, I mean that the system has to use openssh by default instead of dropbear; otherwise, when the process gets cloned, it will always fail.

Thanks for your support!

Router Model: Netgear Nighthawk X10
Firmware Version: DD-WRT v3.0-r43099 std (05/09/20)
Kernel Version: Linux 4.9.222 #449 SMP armv7l

Regards,
Daniele
dpomponi
Posted: Sun May 17, 2020 19:23    Post subject:
Solved by modifying the env variable LD_LIBRARY_PATH

LD_LIBRARY_PATH=/opt/lib:/opt/usr/lib:/lib:/usr/lib:/opt/usr/local/lib:/usr/bin/ssh:/opt/bin/ssh
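
An added example, not part of the original posts: the child process in the thread runs whichever `ssh` is found first, so this script lists every `ssh` on a PATH-style list in lookup order, classifies each by its `-V` banner, and returns the first OpenSSH client, whose path can be handed to sshuttle's `-e`/`--ssh-cmd` option. The function names are hypothetical, and directory names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the thread): which ssh client would a child process get?

# Classify one client binary by its version banner.
# OpenSSH answers -V with "OpenSSH_<version>...", Dropbear with "Dropbear v<version>".
ssh_flavor() {
    banner=$("$1" -V 2>&1 </dev/null) || true
    case $banner in
        OpenSSH*)  echo openssh ;;
        Dropbear*) echo dropbear ;;
        *)         echo unknown ;;
    esac
}

# Print every executable file named "ssh" on a colon-separated list, in lookup
# order. The body is a subshell so the IFS and globbing changes do not leak.
list_ssh() (
    IFS=:
    set -f
    for dir in $1; do
        p="${dir:-.}/ssh"          # an empty entry means the current directory
        if [ -f "$p" ] && [ -x "$p" ]; then
            echo "$p"
        fi
    done
)

# Print the first OpenSSH client on the list; return 1 if there is none.
# Assumption: directory names contain no whitespace.
first_openssh() {
    for candidate in $(list_ssh "$1"); do
        if [ "$(ssh_flavor "$candidate")" = openssh ]; then
            echo "$candidate"
            return 0
        fi
    done
    return 1
}

# Print one "path: flavor" line per client, so a shadowing binary is visible.
report() {
    for candidate in $(list_ssh "$1"); do
        echo "$candidate: $(ssh_flavor "$candidate")"
    done
}

# Usage on the router:  report "$PATH";  first_openssh "$PATH"
```
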
stacecom
Posted: Wed Nov 04, 2020 0:39    Post subject: Thanks for posting this
This is quite relevant to what I'm trying to do, but can you share how you got sshuttle installed? I've been pursuing a few paths, but they seem to be dead ends.

This is on a Netgear ARM-based device, not sure if that's a difference-maker.