<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2
face="Times New Roman"><span style='font-size:10.0pt'>Hi,<br>
<br>
I found an issue when you only want to use an ssh key on a system with only
root and no root password. I have pasted a diff of my suggested changes for
you to review below. <o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2
face="Times New Roman"><span style='font-size:10.0pt'>Basically, if you are not
using passwords, it removes the checks for empty password. <o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2
face="Times New Roman"><span style='font-size:10.0pt'>There may be a better way
of doing this as I am new to dropbear.<br>
<br>
Regards<br>
<br>
Jeff<br>
<br>
diff -Nru dropbear-0.51.orig/options.h dropbear-0.51/options.h<br>
--- dropbear-0.51.orig/options.h
2008-03-27 13:34:39.000000000 +0000<br>
+++ dropbear-0.51/options.h 2008-03-28
10:21:06.000000000 +0000<br>
@@ -132,7 +132,7 @@<br>
* but there's an interface via a PAM module - don't bother using it
otherwise.<br>
* You can't enable both PASSWORD and PAM. */<br>
<br>
-#define ENABLE_SVR_PASSWORD_AUTH<br>
+/*#define ENABLE_SVR_PASSWORD_AUTH */<br>
/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */<br>
#define ENABLE_SVR_PUBKEY_AUTH<br>
<br>
diff -Nru dropbear-0.51.orig/svr-auth.c dropbear-0.51/svr-auth.c<br>
--- dropbear-0.51.orig/svr-auth.c
2008-03-27 13:17:16.000000000 +0000<br>
+++ dropbear-0.51/svr-auth.c 2008-03-28 10:21:09.000000000
+0000<br>
@@ -271,14 +271,18 @@<br>
return DROPBEAR_FAILURE;<br>
}<br>
<br>
- /* check for an empty password */<br>
- if (ses.authstate.pw_passwd[0] == '\0') {<br>
+#ifdef ENABLE_SVR_PASSWORD_AUTH<br>
+/* only care if using passwords! */<br>
+/* check for an empty password */<br>
+ if (!svr_opts.noauthpass &&<br>
+
ses.authstate.pw->pw_passwd[0] == '\0') {<br>
TRACE(("leave checkusername: empty pword"))<br>
dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",<br>
ses.authstate.pw_name);<br>
send_msg_userauth_failure(0, 1);<br>
return DROPBEAR_FAILURE;<br>
}<br>
+#endif<br>
<br>
TRACE(("shell is %s",
ses.authstate.pw_shell))<br>
<br>
diff -Nru dropbear-0.51.orig/svr-runopts.c dropbear-0.51/svr-runopts.c<br>
--- dropbear-0.51.orig/svr-runopts.c 2008-03-27
13:17:16.000000000 +0000<br>
+++ dropbear-0.51/svr-runopts.c 2008-03-28 10:29:24.000000000 +0000<br>
@@ -111,8 +111,13 @@<br>
svr_opts.banner = NULL;<br>
svr_opts.forkbg = 1;<br>
svr_opts.norootlogin = 0;<br>
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)<br>
svr_opts.noauthpass = 0;<br>
svr_opts.norootpass = 0;<br>
+#else<br>
+ svr_opts.noauthpass = 1;<br>
+ svr_opts.norootpass = 1;<br>
+#endif<br>
svr_opts.inetdmode = 0;<br>
svr_opts.portcount = 0;<br>
svr_opts.hostkey = NULL;<o:p></o:p></span></font></p>
</div>
</div>
</div>
</body>
</html>