Re: dropbrear not compiling statically

Mon, 17 Oct 2011 10:46:23 -0700 

On 10/16/2011 08:50 AM, Tilman Glotzner wrote:
> Hello
>  
>  
> I am trying to compile dropbrear statically:

I'm using the attached patch with the following build sequence to build
the statically linked dropbearmulti instances at
http://landley.net/aboriginal/downloads/binaries/extras against uClibc.

cp -sfR /mnt/dropbear dropbear &&
cd dropbear &&
CFLAGS="-I ../zlib -Os" LDFLAGS="--static -L ../zlib" ./configure &&
sed -i 's@/usr/bin/dbclient@ssh@' options.h &&
make -j $CPUS PROGRAMS="dropbear dbclient dropbearkey dropbearconvert
scp" MULTI=1 SCPPROGRESS=1 &&
strip dropbearmulti &&
upload_result dropbearmulti &&
cd .. &&
rm -rf dropbear || exit 1

> Warning: Permanently added '192.168.1.40' (RSA) to the list of known hosts.
> [email protected]'s <mailto:[email protected]'s> password:
> Permission denied, please try again.
> ...
>  
> Apparantly, dropbear does not know user root -- I wonder why however
> (root is defined in /etc/passwd) :

If the root user has no password, dropbear discards it even if you plan
to use public/private key to get in.  (There's a separate test in
password authentication disallowing empty passwords, this is a test in
user verification that discards the user as _invalid_.  It also does so
if their /home directory didn't exist, and a few other things.  Run it
with -F -E and see what it says when you try to log in.)

The second patch is how I worked around that.  (And yes,  I poked the
list about both issues already...)

Rob

#
# old_revision [c7f6c45c46a2f8e2394756c68ae825d6e4dc7489]
#
# patch "Makefile.in"
#  from [ea21753734b01f01ea1062923f4cb5eac65eadec]
#    to [3dcc9b69742a8a4f59ea9f22b6d80bad2c761117]
#
============================================================
--- dropbear/Makefile.in	ea21753734b01f01ea1062923f4cb5eac65eadec
+++ dropbear/Makefile.in	3dcc9b69742a8a4f59ea9f22b6d80bad2c761117
@@ -28,7 +28,7 @@ COMMONOBJS=dbutil.o buffer.o \
 		queue.o \
 		atomicio.o compat.o  fake-rfc2553.o 
 
-SVROBJS=@CRYPTLIB@ svr-kex.o svr-algo.o svr-auth.o sshpty.o \
+SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
 		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
 		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
 		svr-tcpfwd.o svr-authpam.o
@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac
 		loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
 		listener.h fake-rfc2553.h
 
-dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) 
+dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@ 
 dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
 dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
 dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
@@ -167,7 +167,7 @@ ifeq ($(MULTI),1)
 # multi-binary compilation.
 MULTIOBJS=
 ifeq ($(MULTI),1)
-	MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
+	MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@ 
 	CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
 endif
 

No password is no reason to prevent key-based logins.

diff -ru dropbear.new/svr-auth.c dropbear/svr-auth.c
--- dropbear.new/svr-auth.c	2011-10-11 09:50:22.047129393 -0500
+++ dropbear/svr-auth.c	2011-03-02 07:23:36.000000000 -0600
@@ -249,7 +249,7 @@
 		return DROPBEAR_FAILURE;
 	}
 
-	/* check for an empty password */
+	/* check for an empty password
 	if (ses.authstate.pw_passwd[0] == '\0') {
 		TRACE(("leave checkusername: empty pword"))
 		dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
@@ -257,6 +257,7 @@
 		send_msg_userauth_failure(0, 1);
 		return DROPBEAR_FAILURE;
 	}
+*/
 
 	TRACE(("shell is %s", ses.authstate.pw_shell))

Reply via email to