Hi matt, Thanx for the response. I changed as u suggested and put dummy password authentication and it worked.
Now i have a question. Actually the commandline interpreter i call has its own username and password authentication (which doesn't use /etc/passwd). So now i want to totally skip the regular username and password in the SSH and directly call my commandline interpreter (which has a password autentication by itself). How do i achieve that? Is there any security flaws in this kinda design. Thanx - Prasad On 7/14/06, Matt Johnston <[EMAIL PROTECTED]> wrote:
On Fri, Jul 14, 2006 at 06:13:44PM -0700, Prasad wrote: > Hi all, > How do i make dropbear call my own utility/command-line parser which > has its own way of checking the username and password and does some > other work. Have a look at svr_auth_password() in svr-authpasswd.c for how the existing password checking works. You could make it run a hardcoded system() call (beware of allowing arbitrary input), and then check the return value of the program? Note that if the user doesn't exist in /etc/passwd, then you'll have to manually fill out the entries in the ses.authstate.pw structure. Look out for the code in svr-auth.c that checks that a shell is valid - you may want to disable that. > How do i integrate that with the dropbear-ssh (in this way > i can get my code to get run using SSH and not the default > /bin/sh). If you're using /etc/passwd still, just change the shell there (and /etc/shells). Otherwise, change the shell that is filled out in the ses.authstate.pw structure during auth. The shell to execute is taken from ses.authstate.pw->pw_shell in svr-chansession.c. The shell is run as "sh -c 'command line arguments'", so you might want to change that (or just have your own shell ignore arguments). Matt
