dropbear authentication

Giuseppe Cavallaro peppe.cavallaro at gmail.com
Wed Aug 8 15:53:12 WST 2007


On 08/08/2007, Matt Johnston <matt at ucc.asn.au> wrote:
> On Wed, Aug 08, 2007 at 08:25:00AM +0200, Giuseppe Cavallaro wrote:
> > Hi All,
> > ho can I login as root user with an empty password?
> > Do I need to hack the code or I have to configure dropbear in "special"
> way?
> It already should work.
> As a test, I set up the root user on an Ubuntu 7.04 system
> to have an entry in /etc/shadow of
> root:R7gIX4dJJcCFw:13612:0:99999:7:::
> and it worked fine. "R7gIX4dJJcCFw" is just the crypt of an
> empty password - the Linux password utility wouldn't let me
> set it manually.

Thanks, it works like a charm!

You still have to press enter in your client to log in -
> Dropbear 0.50's dbclient will provide the ability to set
> DROPBEAR_PASSWORD="" and avoid that.

I assume you're running this on a closed network or
> something -- otherwise it'd be a tad insecure.

I'm using dropbear 0.49 on an embedded system based on uClibc with a private
network (p2p).

Just another question:

Is it possible to totally skip authentication phase with dropbear?
I mean, using telnet or ssh (but configuring the latter) I'm able to login
without entering password and login.
In this case my root entry in passwd is root::0:0 ...

Thanks a lot

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20070808/a863e321/attachment.htm 

More information about the Dropbear mailing list