If I apply your patch will it allow logins without password?
I am being told
user 'user' has blank password, rejected (ditto for root)
My little linux came with no passwords (just hit Enter to log in as root)
and I added them (probably with busybox passwd). It is a bare-bones
distro and maybe dropbear is looking for some file which is not there.
I have real passwords for root and user in /etc/passwd. I also have root
and user listed in /etc/shadow. (I think our linux came without shadow
but adduser added it).
What file is dropbear checking to determine if password is blank?
Perhaps my linux needs something changed to work with dropbear (or vice
versa).
I don't understand waht ses.authstate.pw is or does or how to program.
Sindi
On Thu, 3 Apr 2008, Jeff Tope wrote:
Hi,
I found an issue when you only want to use an ssh key on a system with only
root and no root password. I have pasted a diff of my suggested changes for
you to review below.
Basically, if you are not using passwords, it removes the checks for empty
password.
There may be a better way of doing this as I am new to dropbear.
Regards
Jeff
diff -Nru dropbear-0.51.orig/options.h dropbear-0.51/options.h
--- dropbear-0.51.orig/options.h 2008-03-27 13:34:39.000000000 +0000
+++ dropbear-0.51/options.h 2008-03-28 10:21:06.000000000 +0000
@@ -132,7 +132,7 @@
* but there's an interface via a PAM module - don't bother using it otherwise.
* You can't enable both PASSWORD and PAM. */
-#define ENABLE_SVR_PASSWORD_AUTH
+/*#define ENABLE_SVR_PASSWORD_AUTH */
/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
#define ENABLE_SVR_PUBKEY_AUTH
diff -Nru dropbear-0.51.orig/svr-auth.c dropbear-0.51/svr-auth.c
--- dropbear-0.51.orig/svr-auth.c 2008-03-27 13:17:16.000000000 +0000
+++ dropbear-0.51/svr-auth.c 2008-03-28 10:21:09.000000000 +0000
@@ -271,14 +271,18 @@
return DROPBEAR_FAILURE;
}
- /* check for an empty password */
- if (ses.authstate.pw_passwd[0] == '\0') {
+#ifdef ENABLE_SVR_PASSWORD_AUTH
+/* only care if using passwords! */
+/* check for an empty password */
+ if (!svr_opts.noauthpass &&
+ ses.authstate.pw->pw_passwd[0] == '\0') {
TRACE(("leave checkusername: empty pword"))
dropbear_log(LOG_WARNING, "user '%s' has blank password,
rejected",
ses.authstate.pw_name);
send_msg_userauth_failure(0, 1);
return DROPBEAR_FAILURE;
}
+#endif
TRACE(("shell is %s", ses.authstate.pw_shell))
diff -Nru dropbear-0.51.orig/svr-runopts.c dropbear-0.51/svr-runopts.c
--- dropbear-0.51.orig/svr-runopts.c 2008-03-27 13:17:16.000000000 +0000
+++ dropbear-0.51/svr-runopts.c 2008-03-28 10:29:24.000000000 +0000
@@ -111,8 +111,13 @@
svr_opts.banner = NULL;
svr_opts.forkbg = 1;
svr_opts.norootlogin = 0;
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
svr_opts.noauthpass = 0;
svr_opts.norootpass = 0;
+#else
+ svr_opts.noauthpass = 1;
+ svr_opts.norootpass = 1;
+#endif
svr_opts.inetdmode = 0;
svr_opts.portcount = 0;
svr_opts.hostkey = NULL;
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org
