I'm trying to switch from the openssh server to dropbear's server on an embedded system, and I've run into one snag. I've enabled the "allow blank password" feature, but dropbear still prompts for a password on accounts that have blank passwords. That's "wrong" -- or at least it's different than what openssh, telnetd, login do.
Hoping to submit a patch to fix this, I spent some time looking through dropbear's server code. Unfortunately, I don't know enough about how ssh authentication works to know where to start tweaking. When I ssh to the openssh server using an account with an empty password, I see that that the auth method "none" succeeds. When I ssh to the dropbear server, it ends up using auth method "password" with an empty password. Can somebody lend me a clue as to what I need to do to make dropbear act like openssh/telnetd/login in the case where a user's password is empty? Here's a client-side trace when connecting to openssh server:' OpenSSH_5.9p1-hpn13v11, OpenSSL 1.0.0i 19 Apr 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to 192.168.250.90 [192.168.250.90] port 22. debug1: Connection established. debug1: identity file /home/grante/.ssh/id_rsa type 1 [...] debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8 debug1: match: OpenSSH_5.8 pat OpenSSH* debug1: Remote is NON-HPN aware debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9p1-hpn13v11 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: AUTH STATE IS 0 debug1: REQUESTED ENC.NAME is 'aes128-ctr' debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: REQUESTED ENC.NAME is 'aes128-ctr' debug1: kex: client->server aes128-ctr hmac-md5 none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA be:5b:6e:45:82:e6:3f:d8:c9:30:ac:97:a6:8e:8f:d9 debug1: Host '192.168.250.90' is known and matches the ECDSA host key. debug1: Found key in /home/grante/.ssh/known_hosts:97 debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentication succeeded (none). Authenticated to 192.168.250.90 ([192.168.250.90]:22). debug1: HPN to Non-HPN Connection debug1: Final hpn_buffer_size = 131072 debug1: HPN Disabled: 0, HPN Buffer Size: 131072 debug1: channel 0: new [client-session] debug1: Enabled Dynamic Window Scaling Here's a trace when connecting to the dropbear server: OpenSSH_5.9p1-hpn13v11, OpenSSL 1.0.0i 19 Apr 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to 10.0.0.99 [10.0.0.99] port 22. debug1: Connection established. debug3: Incorrect RSA1 identifier debug3: Could not load "/home/grante/.ssh/id_rsa" as a RSA1 public key debug1: identity file /home/grante/.ssh/id_rsa type 1 debug1: identity file /home/grante/.ssh/id_rsa-cert type -1 debug1: identity file /home/grante/.ssh/id_dsa type -1 debug1: identity file /home/grante/.ssh/id_dsa-cert type -1 debug1: identity file /home/grante/.ssh/id_ecdsa type -1 debug1: identity file /home/grante/.ssh/id_ecdsa-cert type -1 debug1: Remote protocol version 2.0, remote software version dropbear_2012.55 debug1: no match: dropbear_2012.55 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.9p1-hpn13v11 debug2: fd 3 setting O_NONBLOCK debug3: load_hostkeys: loading entries for host "10.0.0.99" from file "/home/grante/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /home/grante/.ssh/known_hosts:96 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: AUTH STATE IS 0 [...] debug1: REQUESTED ENC.NAME is 'aes128-ctr' debug1: kex: server->client aes128-ctr hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: REQUESTED ENC.NAME is 'aes128-ctr' debug1: kex: client->server aes128-ctr hmac-md5 none debug2: dh_gen_key: priv key bits set: 126/256 debug2: bits set: 1031/2048 debug1: sending SSH2_MSG_KEXDH_INIT debug1: expecting SSH2_MSG_KEXDH_REPLY debug1: Server host key: RSA 55:25:3a:83:bb:e6:a9:7e:4f:f7:62:ca:36:09:2a:9c debug3: load_hostkeys: loading entries for host "10.0.0.99" from file "/home/grante/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /home/grante/.ssh/known_hosts:96 debug3: load_hostkeys: loaded 1 keys debug1: Host '10.0.0.99' is known and matches the RSA host key. debug1: Found key in /home/grante/.ssh/known_hosts:96 debug2: bits set: 1009/2048 debug1: ssh_rsa_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/grante/.ssh/id_rsa (0x80b6ea0) debug2: key: /home/grante/.ssh/id_dsa ((nil)) debug2: key: /home/grante/.ssh/id_ecdsa ((nil)) debug1: Authentications that can continue: publickey,password debug3: start over, passed a different list publickey,password debug3: preferred publickey,keyboard-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboard-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/grante/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password debug1: Trying private key: /home/grante/.ssh/id_dsa debug3: no such identity: /home/grante/.ssh/id_dsa debug1: Trying private key: /home/grante/.ssh/id_ecdsa debug3: no such identity: /home/grante/.ssh/id_ecdsa debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password [email protected]'s password: debug3: packet_send2: adding 64 (len 49 padlen 15 extra_pad 64) debug2: we sent a password packet, wait for reply debug1: Authentication succeeded (password). Authenticated to 10.0.0.99 ([10.0.0.99]:22). debug1: Final hpn_buffer_size = 131072 debug1: HPN Disabled: 0, HPN Buffer Size: 131072 debug1: channel 0: new [client-session] debug1: Enabled Dynamic Window Scaling -- Grant Edwards grant.b.edwards Yow! This is a NO-FRILLS at flight -- hold th' CANADIAN gmail.com BACON!!
