Running dropbear as unprivileged user to a single user SSH Server
Rob Landley
rob at landley.net
Tue Aug 30 22:51:17 WST 2011
On 08/29/2011 04:05 AM, Antoine Catton wrote:
> Hello,
>
> On Fri, 2011-08-26 at 17:29 +0200, Antoine Catton wrote:
>> Indeed, I would like to run dropbear as a simple SSH server, which would
>> ignore username. This is the idea of the patch I'm currently writing :
>>
>> * Adding the option -u (which stands for “user space”) for example. This
>> option would be used this way : dropbear -u userdef_file
>> * The “userdef_file” would look like this :
>> SHELL=/bin/bash
>> HOME=/home/sample
>> OTHER_ENV=foobar
>>
>> Of course, it would also override the home directory where to look
>> for .ssh/authorized_keys.
>>
>
> I think the way I wanted to implement it is too complex. Instead of that,
> I’m adding an option “-n”. I just looked for a letter which was not used
> yet. This option will get the SHELL, HOME, PASSWORD (if you don't want
> to use SSH Keys) from environment variables (for example
> DROPBEAR_SINGLEUSER_(HOME|PASSWORD|SHELL) ).
> This way, it won't be a bloatware feature.
Sounds generally useful. Notes:

A) DROPBEAR_ is already a reasonably unique prefix, does SINGLEUSER_ add
anything?

B) Do you want to blank them post-fork so they don't wind up passed
through to the resulting client?
> By the way, I had a simple question. For the moment, I downloaded the
> latest dropbear tarball [1] and started a git repo with it to develop.
> Is there a git/mercurial/whatever repo for Dropbear ? (The only repo I
> saw was the historical CVS one).
If Matt ever shared his repo, I never found it. I just fiddle with the
release tarballs.
Rob
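Note B above, sketched as an added example (not code from Dropbear or from the patch under discussion): once the server has copied what it needs, it removes every DROPBEAR_-prefixed variable in the forked child before the session shell is exec'd, so the password never reaches the client's environment. The function name scrub_env_prefix is hypothetical; the variable names follow the quoted proposal and the values are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* setenv/unsetenv */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Remove every environment variable whose name starts with prefix.
 * Each value is zeroed in place first so the secret does not linger in
 * the old string. Returns the number removed, or -1 on error. */
int scrub_env_prefix(const char *prefix)
{
    size_t plen = strlen(prefix);
    int removed = 0;
    char **ep = environ;

    while (ep != NULL && *ep != NULL) {
        char *eq = strchr(*ep, '=');
        if (eq == NULL || strncmp(*ep, prefix, plen) != 0) {
            ep++;
            continue;
        }
        size_t nlen = (size_t)(eq - *ep);
        char *name = malloc(nlen + 1);
        if (name == NULL)
            return -1;
        memcpy(name, *ep, nlen);
        name[nlen] = '\0';
        memset(eq + 1, 0, strlen(eq + 1));   /* wipe the value */
        int rc = unsetenv(name);
        free(name);
        if (rc != 0)
            return -1;
        removed++;
        ep = environ;   /* unsetenv() rewrote the array: rescan from the start */
    }
    return removed;
}

int main(void)
{
    /* Constructed sample values, not real credentials. */
    setenv("DROPBEAR_SINGLEUSER_PASSWORD", "example-only", 1);
    setenv("DROPBEAR_SINGLEUSER_SHELL", "/bin/sh", 1);
    printf("removed %d\n", scrub_env_prefix("DROPBEAR_"));
    printf("password now: %s\n",
           getenv("DROPBEAR_SINGLEUSER_PASSWORD") ? "set" : "unset");
    return 0;
}
```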