Dropbear calling my own command-line parser than /bin/sh.

Prasad ndprasad at gmail.com
Tue Jul 18 12:53:52 WST 2006


Hi Matt,
Thanks for the response. I changed it as you suggested and put in dummy
password authentication, and it worked.

Now I have a question. Actually the command-line interpreter I call has
its own username and password authentication (which doesn't use
/etc/passwd). So now I want to totally skip the regular username and
password in the SSH and directly call my command-line interpreter
(which has password authentication by itself). How do I achieve that?
Are there any security flaws in this kind of design?

Thanks
- Prasad

On 7/14/06, Matt Johnston <matt at ucc.asn.au> wrote:
> On Fri, Jul 14, 2006 at 06:13:44PM -0700, Prasad wrote:
> > Hi all,
> > How do I make dropbear call my own utility/command-line parser which
> > has its own way of checking the username and password and does some
> > other work.
>
> Have a look at svr_auth_password() in svr-authpasswd.c for
> how the existing password checking works. You could make it
> run a hardcoded system() call (beware of allowing arbitrary
> input), and then check the return value of the program? Note
> that if the user doesn't exist in /etc/passwd, then you'll
> have to manually fill out the entries in the
> ses.authstate.pw structure. Look out for the code in
> svr-auth.c that checks that a shell is valid - you may want
> to disable that.
>
> > How do I integrate that with the dropbear-ssh (in this way
> > I can get my code to get run using SSH and not the default
> > /bin/sh).
>
> If you're using /etc/passwd still, just change the shell
> there (and /etc/shells). Otherwise, change the shell that is
> filled out in the ses.authstate.pw structure during auth.
> The shell to execute is taken from
> ses.authstate.pw->pw_shell in svr-chansession.c. The shell
> is run as "sh -c 'command line arguments'", so you might
> want to change that (or just have your own shell ignore
> arguments).
>
> Matt
>
>
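
An added example, not part of the thread and not Dropbear code: one way to run a fixed external checker and test its exit status, as the quoted reply suggests, without the user-supplied input ever reaching a shell. The names check_with_helper and MAX_FIELD, the "user\npass\n" format on the helper's stdin, and the rejection of empty fields are assumptions made for this sketch.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_FIELD 128  /* constructed limit: both fields stay well inside the pipe buffer */

/* Accept only short, non-empty fields without '\n' (the record separator). */
static int field_ok(const char *s) {
    size_t n = strlen(s);
    return n > 0 && n <= MAX_FIELD && strchr(s, '\n') == NULL;
}

/* Returns 1 only if the helper ran and exited with status 0; every error denies.
   helper must be a fixed absolute path chosen at build time, never client input. */
int check_with_helper(const char *helper, const char *user, const char *pass) {
    int fds[2], status = 0;
    pid_t pid;

    if (!field_ok(user) || !field_ok(pass) || pipe(fds) != 0)
        return 0;

    /* Queue the credentials before forking: they travel on stdin only,
       never in argv (visible in ps) and never in a command string. */
    if (write(fds[1], user, strlen(user)) < 0 || write(fds[1], "\n", 1) < 0 ||
        write(fds[1], pass, strlen(pass)) < 0 || write(fds[1], "\n", 1) < 0) {
        close(fds[0]); close(fds[1]);
        return 0;
    }
    close(fds[1]);

    pid = fork();
    if (pid < 0) { close(fds[0]); return 0; }
    if (pid == 0) {
        char *const argv[] = { (char *)helper, NULL };
        char *const envp[] = { NULL };            /* empty environment */
        if (fds[0] != STDIN_FILENO) {
            if (dup2(fds[0], STDIN_FILENO) < 0) _exit(127);
            close(fds[0]);
        }
        execve(helper, argv, envp);               /* direct exec, no /bin/sh */
        _exit(127);                               /* exec failed: deny */
    }
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid)
        return 0;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```
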


