Passwordless user shouldn't prevent public/private key login.
Matt Johnston
matt at ucc.asn.au
Wed Oct 26 23:57:18 WST 2011
Hi,
Commenting out that code looks like a good idea - I think
it's from before pubkey auth was added to Dropbear. I've got
a separate but related patch to allow empty passwords if you
want, see attached.
PS, mercurial conversion is still planned, but I need to get
time to hack up the mercurial monotone converter to work on
my repository.
Cheers,
Matt
On Fri, Oct 14, 2011 at 12:34:01PM -0500, Rob Landley wrote:
> I'm using the attached horrible patch to allow users with no password to
> log in via public/private key. (Note there's a _separate_ test in the
> actual password mechanism that vetos logins that way.)
>
> This lets me switch systems from telnet to dropbear even when /etc is on
> a read only filesystem.
>
> Rob
>
> No password is no reason to prevent key-based logins.
>
> diff -ru dropbear.new/svr-auth.c dropbear/svr-auth.c
> --- dropbear.new/svr-auth.c 2011-10-11 09:50:22.047129393 -0500
> +++ dropbear/svr-auth.c 2011-03-02 07:23:36.000000000 -0600
> @@ -249,7 +249,7 @@
> return DROPBEAR_FAILURE;
> }
>
> - /* check for an empty password */
> + /* check for an empty password
> if (ses.authstate.pw_passwd[0] == '\0') {
> TRACE(("leave checkusername: empty pword"))
> dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
> @@ -257,6 +257,7 @@
> send_msg_userauth_failure(0, 1);
> return DROPBEAR_FAILURE;
> }
> +*/
>
> TRACE(("shell is %s", ses.authstate.pw_shell))
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dropbear-blank-pw.diff
Type: text/x-diff
Size: 3856 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20111026/54e17b8c/attachment.diff
More information about the Dropbear
mailing list