
Comments (11)

Frenzie avatar Frenzie commented on June 17, 2024 1

@anarcat
I have no problem with keys since obviously I use them plenty, but I'm not convinced the feature has much right to exist without allowing for passwordless login. SSH servers come a dime a dozen. Ones that are specifically optimized for Kindle and Kobo do not. I repeat, you say "ewwwwwwwwwwwwwwwwwwwwww", I say "yesssssssssssssssssssss".

> Should I put some warning in the guide related to passwordless login (which I also use since the beginning)?

@offset-torque If there isn't any notice in there I suppose there better should be, but I think the menu phrasing "Login without password (DANGEROUS)" is fairly self-explanatory. Anybody who ignores that is clearly aware that any potential risk is negligible only if you run with wifi (or the server) always off except for a number of minutes here and there on a trusted local network.

from koreader.

NiLuJe avatar NiLuJe commented on June 17, 2024

> How does this thing get updated anyways?

It doesn't because it requires a bunch of platform-specific patches that are a right PITA to keep in sync, and I already maintain fully-featured bundles for Kindle & Kobo, as you mentioned.

(And, unfortunately, the KOReader patches are trickier than the one used there, so the work isn't 100% portable).

i.e., I'd be very happy to just murder the SSH plugin entirely.

from koreader.

NiLuJe avatar NiLuJe commented on June 17, 2024

As for the original issue, yes, your analysis is correct, the horribly old version being used doesn't support modern key formats.

from koreader.

benoit-pierre avatar benoit-pierre commented on June 17, 2024

> i.e., I'd be very happy to just murder the SSH plugin entirely.

That would be a shame. I use an updated dropbear version in my meson branch (2022.83). What I would drop is the "no password" patch, which I have not bothered to port.

from koreader.

NiLuJe avatar NiLuJe commented on June 17, 2024

That's the other viable approach, true ;).

I... don't particularly care either way, we're increasingly going to be fielding issues either way (either about unsupported key formats if we do nothing; or about the lack of easy auth and/or sftp (which was also mildly annoying to deal with) if we drop the patches).

from koreader.

Frenzie avatar Frenzie commented on June 17, 2024

> What I would drop is the "no password" patch, which I have not bothered to port.

I wouldn't. I'd rather just drop it in that case. It works better than FTP, SCP, and Telnet, and the security aspect couldn't be less relevant.

The "but ewww..." in the OP I'd rephrase as "oh yes, yes, yes."

from koreader.

anarcat avatar anarcat commented on June 17, 2024

not sure i can parse your comment there @Frenzie but i definitely mean "ewww" and by "ewww" i mean "passwords are evil, but password-less accounts are evil from an outer plane of existence that we shouldn't bring in this reality", if you want to rephrase. ;)

and if that's a patch, then, ewwwwwwwwwwwwwwwwwwwwww. :)

in any case, it looks like you fine folks have your hands full here... IMHO less patches sounds good (and i certainly don't mind having to use SSH keys!) but i'll let the maintainers decide what's best here.

from koreader.

offset-torque avatar offset-torque commented on June 17, 2024

@anarcat

> password-less accounts are evil from an outer plane of existence that we shouldn't bring in this reality

  • What is the threat model here in the KOReader context?
  • What is the worst case scenario?

@Frenzie
Should I put some warning in the guide related to passwordless login (which I also use since the beginning)?

from koreader.

Frenzie avatar Frenzie commented on June 17, 2024

@anarcat Also note that if we don't offer this people will use Telnet more.

So the threat model if anything is slightly worse (standard port, not requiring any port scan) and the user experience is significantly worse.

from koreader.

anarcat avatar anarcat commented on June 17, 2024

from koreader.

Frenzie avatar Frenzie commented on June 17, 2024

Because the second sentence there has nothing to do with anything. ;-) We neither do nor have any intention to.

from koreader.
