Package: dropbear
Version: 0.52-4
Severity: minor
Root has the null password so that people with physical access to a
securetty can log in easily, and remote logins are forced to be
key-based. This works with openssh-server, but with dropbear I get:
[2350] Nov 12 21:48:03 user 'root' has blank password, rejected
Even though I'm not trying to log in with the password method, and
indeed dropbear was started with -s.
It seems to me that dropbear should allow key-based authentication
even if the user has a null password -- at the very least this should
be the case if -s is used.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
