AM3558: Dropbear configuration



I am using a TMDXEVM3358 eval board whose SDK root filesystem has dropbear/sftp-server as a part of

I have a requirement to limit access of certain ssh clients as well as all sftp clients. I have tried to do something like this:

   https://www.howtoforge.com/chrooted-drop-bear-howto  (note: instead of dropbear.52, I used the already present dropbear binaries). 

It hasn't worked, and in the process of figuring it out, I found some references to dropbear in:

   /etc/systemd/system/sockets/.target.wants/

which refers to files in /lib/systemd/system/dropbear.xxxx

It looks like the process outlined at howtoforge.com won't work in this case.

Does anybody have any other suggestions?

Tom

  

  • The software team have been notified. They will respond here.
  • Hi Tom,

    The Dropbear SSH package is present in the Processor SDK by default. You do not need to install it.
    Could you give more details about exactly what access limitation you want to apply?
    Also, attach the steps you have done and the console output in a text file.

    BR
    Tsvetolin Shulev
  • Hi Tsvetolin,

    I understand that dropbear is part of the Processor SDK; in development, we can ssh into the box as with any other ssh solution. I also understand the dropbear process is started from a systemd service when a connection comes in over port 22 (note: ssh access will likely be disabled when our system goes into production).

    Our product requirement is that the sftp server must limit the access of the sftp client to the user's pre-configured home directory. In this assigned directory (and sub-directories), the sftp client can read/write files as well as create sub-directories, etc. Please see the attached <inhome.png>, in which user1 is limited to the /home/user1 directory (and subdirectories).

    This means that the sftp server MUST NOT allow the sftp client to access any other directory (in the depicted case - access to the '/etc/' directory) 

    If we were using openssh and there was an ssh_config, we could limit access like what is outlined here:

       

    Can you please advise!

    Tom