Hi all; I'm hoping to switch out openssh and replace it with dropbear to save some space on my embedded system, but there are two problems I have.
The first is that I implement management of my embedded system by creating a special, restricted shell that only knows a few well-defined operations, like "reboot", "status", and similar. I need the user to be able to invoke these commands over ssh without requiring any password or key setup. In openssh I can do this by setting the SSH daemon parameter to not fail on empty passwords. But, I can't find anything similar in dropbear. Googling around I found references to a "allow-nopw.patch" which supposedly adds this but I can't find the patch itself. From what I have been able to see it seems the patch just #ifdefs out the checks. I was hoping for something that would add a command-line option to dropbear to disable this check... something that might even have a chance of being supported officially. Is there any interest in something like this? The second thing is that a have a number of systems already deployed, and they contain host keys generated by OpenSSH's keygen. However, when I try to invoke the dropbear server and point it at those OpenSSH-generated keys, it just fails for me with an error about a line that's too long. Is it possible to get dropbear to use an OpenSSH-generated host key?
