Allow password-less (& key-less) login via dropbear
paul at mad-scientist.us
Thu Mar 26 15:05:02 WST 2009
Hi all; I'm hoping to switch out openssh and replace it with dropbear to
save some space on my embedded system, but there are two problems I
The first is that I implement management of my embedded system by
creating a special, restricted shell that only knows a few well-defined
operations, like "reboot", "status", and similar. I need the user to be
able to invoke these commands over ssh without requiring any password or
In openssh I can do this by setting the SSH daemon parameter to not fail
on empty passwords.
But, I can't find anything similar in dropbear. Googling around I found
references to a "allow-nopw.patch" which supposedly adds this but I
can't find the patch itself. From what I have been able to see it seems
the patch just #ifdefs out the checks. I was hoping for something that
would add a command-line option to dropbear to disable this check...
something that might even have a chance of being supported officially.
Is there any interest in something like this?
The second thing is that a have a number of systems already deployed,
and they contain host keys generated by OpenSSH's keygen. However, when
I try to invoke the dropbear server and point it at those
OpenSSH-generated keys, it just fails for me with an error about a line
that's too long. Is it possible to get dropbear to use an
OpenSSH-generated host key?
More information about the Dropbear