Login attempt for nonexistent user on Alpine Linux
Matt Johnston
matt at ucc.asn.au
Sat Dec 2 00:53:33 AWST 2017
Hi Hugo,
Statically linking glibc isn't sufficient to make it standalone, you need to copy the libnss libraries - glibc looks for those at runtime. Another option is to build against musl libc instead.
Cheers,
Matt
On 1 December 2017 12:51:08 pm AWST, Hugo Genesse <hugo.genesse at polymtl.ca> wrote:
>
>Hi!
>
>I've been trying to use dropbear (compiled myself statically with
>./configure; make STATIC=1) on a Alpine Linux Docker container (Linux
>4.13.12-1-ARCH) with the latest Alpine Docker image (3.6 if I'm not
>mistaken). I run dropbear like this: "./dropbear -R" and can't login
>with proper credentials. With the "-E" switch I get the following:
>
> /root/dropbear -R -E
>[59] Dec 01 04:31:32 Running in background
>[60] Dec 01 04:31:36 Child connection from <IP>
>[60] Dec 01 04:31:36 Login attempt for nonexistent user from <IP>
>
>My credentials are right and the command to connect is: "ssh
>root at 127.0.0.1" (the port is properly forwarded to the container).
>With the ssh client verbose option I get:
>
>debug1: Next authentication method: password
>root at 127.0.0.1's password:
>debug1: Authentications that can continue: publickey,password
>Permission denied, please try again.
>root at 127.0.0.1's password:
>debug1: Authentications that can continue: publickey,password
>Permission denied, please try again.
>root at 127.0.0.1's password:
>debug1: Authentications that can continue: publickey,password
>debug1: No more authentication methods to try.
>root at 127.0.0.1: Permission denied (publickey,password).
>
>and the root account exists as you can see here:
>
>cat /etc/passwd
>root:x:0:0:root:/root:/bin/ash
>[...]
>
>I've seen issues that seem similar on the web:
>https://lists.debian.org/debian-arm/2012/06/msg00056.html
>The ones I found were fixed by copying libnss to another location but
>shouldn't a statically dropbear already solve this problem?
>
>I also have telnet activated and I can login with root (don't worry
>this won't be put into production, it is for demonstration purposes
>only).
>
>Is there any other things I should check or modify to be able to login
>
>with dropbear?
>
>Thanks!
More information about the Dropbear
mailing list