Allow password-less (& key-less) login via dropbear

Paul Smith paul at mad-scientist.us
Thu Mar 26 15:05:02 WST 2009


Hi all; I'm hoping to switch out openssh and replace it with dropbear to
save some space on my embedded system, but there are two problems I
have.

The first is that I implement management of my embedded system by
creating a special, restricted shell that only knows a few well-defined
operations, like "reboot", "status", and similar.  I need the user to be
able to invoke these commands over ssh without requiring any password or
key setup.

In openssh I can do this by setting the SSH daemon parameter to not fail
on empty passwords.

But, I can't find anything similar in dropbear.  Googling around I found
references to a "allow-nopw.patch" which supposedly adds this but I
can't find the patch itself.  From what I have been able to see it seems
the patch just #ifdefs out the checks.  I was hoping for something that
would add a command-line option to dropbear to disable this check...
something that might even have a chance of being supported officially.

Is there any interest in something like this?


The second thing is that a have a number of systems already deployed,
and they contain host keys generated by OpenSSH's keygen.  However, when
I try to invoke the dropbear server and point it at those
OpenSSH-generated keys, it just fails for me with an error about a line
that's too long.  Is it possible to get dropbear to use an
OpenSSH-generated host key?



More information about the Dropbear mailing list