[Toybox] features

Isaac Dunham ibid.ag at gmail.com
Sun Jun 8 18:16:47 PDT 2014


On Sun, Jun 08, 2014 at 11:51:04AM -0500, Rob Landley wrote:
> On 06/06/14 23:50, Isaac Dunham wrote:
> > On Fri, Jun 06, 2014 at 09:53:17PM +0200, Daniel Cegiełka wrote:
> >> 2014-06-06 18:12 GMT+02:00 stephen Turner <stephen.n.turner at gmail.com>:
> >>> Rob, have you given any thought into adding an embedded ssh like dropbear to
> >>> toybox?
> >>
> >> or like tinyssh :)
> >>
> >> http://tinyssh.org/index.html
> > 
> > Features:
> > ...
> > Tinyssh doesn't have...scp, sftp
> > ...using NaCL/TweetNaCL
> > 
> > I lost interest there.
> > scp and sftp are *the* main use I have for ssh. I have three computers
> > of my own (desktop and two laptops, all Linux), there's another one 
> > (Windows) the family uses, and I find that the best way to copy something
> > from a to b is to use scp or something like FileZilla.
> 
> scp is a trivial protocol:
> 
> https://blogs.oracle.com/janp/entry/how_the_scp_protocol_works
> 
> > And no, I'm not interested in adding another daemon, transferring
> > files in plain mode, or having to run commands on both ends.
> 
> Pity, "tar cpz dir | ssh dest tar xvpz" works fine without scp and is
> trivially scriptable. (I tend to do that because scp isn't always good
> about symlinks and hardlinks and so on.)

I'm not fond of that approach (because (a) I don't always have tar on both
ends - I don't get to go completely MS-free and (b) scp is a shorter command
line), but by "run commands on both ends" I mean to refer to
netcat pipes and similar approaches (where you need to be logged into
both ends in the first place).

> 
> > As far as the second feature I quote goes, see:
> > landley.net/notes.html#31-03-2014
> > 
> > dropbear is a permissively licensed mcb that gets a good workout. Seems
> > like it fits with toybox.
> > And libtomcrypt seems like the better place to start, should an ssh
> > server and client be desired.
> 
> I've dug into libtomcrypt and find it incomprehensible, but it's really
> the libtommath part I'm having problems with. I need to write my own big
> math library for bc, and the darn spec says it has to do cosine and
> fractional exponents and such, which I dunno how to do off the top of my
> head.

Hmmm. I know that's supposed to be covered in libtomfloat; not sure
about the status of that (most likely not really clear).

> > I note also that there's yet another small ssh server, moussh:
> > ftp.rodents-montreal.org/mouse/local/src/moussh
> > The developer was at one point considering using some of the libtom*
> > libraries; it currently needs gmp and a set of homegrown crypto libs.
> > It does have one or two rather frightening notes: it requires a
> > special preprocessor (included) or a version of gcc patched to support
> > "labeled control structure", whatever that is.
> > 
> > While we're talking about crypto, I might as well mention axtls.
> > It's a small BSD-licensed TLS1 library that uses kconfig with perhaps
> > too many options (what *FLAGS you want, which keys/certificates, openssl
> > API, ...).
> 
> Didn't musl have a wiki page collecting this sort of thing?

Yes. It's 
http://wiki.musl-libc.org/wiki/Alternative_libraries#Crypto
(and axtls is mentioned there).

> To be honest, rsync is higher priority for me than any of this, and
> _that_ is post-1.0. The big need for https is because wget and friends are
> kinda useless without it these days. kernel.org: https only.
> twitter: https only. github: https only. And there are regular
> announcements like:
> 
> http://code.flickr.net/2014/04/30/flickr-api-going-ssl-only-on-june-27th-2014/
> 
> Basically the NSA has convinced people that non-encrypted connections
> are a categorical bad idea.

FWIW: axtls includes axssl (afaict, equivalent to the ssl command, which is
something similar to netcat/telnet but doing the encryption for you...)
and axtlswrap, which is a reimplementation of sslwrap, which does the
same job as stunnel (wrap socket connections to do ssl).

On the other hand, their documentation is solely online, and there's no
explanation of how to use axssl or axtlswrap: it only deals with library
functions.

HTH,
Isaac Dunham
