Hi all, As a few of you pointed out, the issue was with permissions. When run from a standard user account, dropbear did not have permission to read the /etc/shadow file. This was noted in the README, but I managed to miss it.
Figured out how to get everything up and running with key-based authentication, and now it's all running smoothly. Thanks! ~ Kent -----Original Message----- From: Matt Johnston [mailto:[email protected]] Sent: Sunday, June 12, 2016 9:27 PM To: Hans Harder <[email protected]> Cc: [email protected]; Nixon, Kent W <[email protected]> Subject: Re: Running Dropbear Without Root Permissions My guess is that the problem is related to /etc/shadow. If the crypted password there isn't readable then it will use the entry from /etc/passwd - I guess that's something like '!!' which would signify a locked account. For testing you can always hardcode a password crypt in debug.h Cheers, Matt On Sun, Jun 12, 2016 at 11:31:55AM +0200, Hans Harder wrote: > I have it running as a separate daemon on a few systems as a non root > user without problems.. > I changed the config.h to disable all the features which might require > more rights than the user has or uses OS functions.... for instance > DISABLE_PAM, DISABLE_LASTLOG, DISABLE_SYSLOG I only use the user > daemon with ssh keys... > > Also I changed the locations of all the needed files to a local > locaition for instance in the options.h file where the hostkeys are > located (removed the /etc path from it) > > That should make it work I believe > > > Hans > > > On Fri, Jun 10, 2016 at 10:43 AM, Nixon, Kent W <[email protected]> wrote: > > > Hi all, > > > > I'm currently testing my (default) compile settings of dropbear > > 2016.73 on an x86_64 Ubuntu 14.04 machine. I'm running the dropbear > > server from the terminal of a standard user account and attempting > > to connect using dbclient as that same user from the same machine > > just to test/learn how to use dropbear before I attempt to > > cross-compile it and run it on an Android system. > > > > I currently run the following command to start the server: > > > > dropbear -F -p 6666 -E -R -m > > > > And attempt to connect (using the same machine) as the same user > > that is running dropbear using: > > > > dbcleint -p 6666 -y <username>@127.0.0.1 > > > > Everything seems to work well, except that after I enter the > > appropriate password, the client is rejected by the server which posts the > > message: > > > > User account '<username>' is locked > > > > However, following the same steps as above, but running the dropbear > > server with root permissions, everything works as expected (i.e. I > > am able to open a remote shell without any problems). > > > > What changes when dropbear is run with standard user permissions > > that is causing the account to be 'locked'? Do I need to locate the > > rsa/dss/ecdsa keys somewhere else other than /etc/dropbear/? > > > > Thanks in advance for your time and consideration! > > > > ~ Kent > >
