<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-GB link=blue vlink=purple>

<div class=Section1>

<div>

<div>

<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2
face="Times New Roman"><span style='font-size:10.0pt'>Hi,<br>
<br>
I found an issue when you only want to use an ssh key on a system with only
root and no root password.  I have pasted a diff of my suggested changes for
you to review below.&nbsp; <o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2
face="Times New Roman"><span style='font-size:10.0pt'>Basically, if you are not
using passwords, it removes the checks for empty password.  <o:p></o:p></span></font></p>

<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2
face="Times New Roman"><span style='font-size:10.0pt'>There may be a better way
of doing this as I am new to dropbear.<br>
<br>
Regards<br>
<br>
Jeff<br>
<br>
diff -Nru dropbear-0.51.orig/options.h dropbear-0.51/options.h<br>
--- dropbear-0.51.orig/options.h&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
2008-03-27 13:34:39.000000000 +0000<br>
+++ dropbear-0.51/options.h&nbsp;&nbsp;&nbsp;&nbsp; 2008-03-28
10:21:06.000000000 +0000<br>
@@ -132,7 +132,7 @@<br>
&nbsp; * but there's an interface via a PAM module - don't bother using it
otherwise.<br>
&nbsp; * You can't enable both PASSWORD and PAM. */<br>
&nbsp;<br>
-#define ENABLE_SVR_PASSWORD_AUTH<br>
+/*#define ENABLE_SVR_PASSWORD_AUTH */<br>
&nbsp;/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */<br>
&nbsp;#define ENABLE_SVR_PUBKEY_AUTH<br>
&nbsp;<br>
diff -Nru dropbear-0.51.orig/svr-auth.c dropbear-0.51/svr-auth.c<br>
--- dropbear-0.51.orig/svr-auth.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
2008-03-27 13:17:16.000000000 +0000<br>
+++ dropbear-0.51/svr-auth.c&nbsp;&nbsp;&nbsp; 2008-03-28 10:21:09.000000000
+0000<br>
@@ -271,14 +271,18 @@<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
return DROPBEAR_FAILURE;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
&nbsp;<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /* check for an empty password */<br>
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (ses.authstate.pw_passwd[0] == '\0') {<br>
+#ifdef ENABLE_SVR_PASSWORD_AUTH<br>
+/* only care if using passwords! */<br>
+/* check for an empty password */<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if (!svr_opts.noauthpass &amp;&amp;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
ses.authstate.pw-&gt;pw_passwd[0] == '\0') {<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
TRACE((&quot;leave checkusername: empty pword&quot;))<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
dropbear_log(LOG_WARNING, &quot;user '%s' has blank password, rejected&quot;,<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
ses.authstate.pw_name);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
send_msg_userauth_failure(0, 1);<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
return DROPBEAR_FAILURE;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<br>
+#endif<br>
&nbsp;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; TRACE((&quot;shell is %s&quot;,
ses.authstate.pw_shell))<br>
&nbsp;<br>
diff -Nru dropbear-0.51.orig/svr-runopts.c dropbear-0.51/svr-runopts.c<br>
--- dropbear-0.51.orig/svr-runopts.c&nbsp;&nbsp;&nbsp; 2008-03-27
13:17:16.000000000 +0000<br>
+++ dropbear-0.51/svr-runopts.c 2008-03-28 10:29:24.000000000 +0000<br>
@@ -111,8 +111,13 @@<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.banner = NULL;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.forkbg = 1;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.norootlogin = 0;<br>
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.noauthpass = 0;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.norootpass = 0;<br>
+#else<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.noauthpass = 1;<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.norootpass = 1;<br>
+#endif<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.inetdmode = 0;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.portcount = 0;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; svr_opts.hostkey = NULL;<o:p></o:p></span></font></p>

</div>

</div>

</div>

</body>

</html>