How to force dbclient to use password authentication

sl Bay sl-bay at orange.fr
Tue Feb 9 06:25:19 AWST 2016


Hi,

 

Here my config, I have 3 NAS servers using dropbear version 2014.63

 

For development testing, I have 2 NAS using key authentication and the other only by using password (nas3).

For this last one, there is no issue when I try to connect it directly by using Putty but I fail if I use dbclient from a TTY session opened on one of both other NAS servers (nas1 or nas2).

 

Command used : export DROPBEAR_PASSWORD="xxxxxxxxxxxxxxxx" && dbclient -p 22 root at nas3

I found why. As I use also pageant, dbclient send the key loaded on pageant instead of using the password set in the shell variable. On the server side, I note an endless loop as /.ssh/authorized_keys does not exist and repeat this sequence :

TRACE (8333): enter recv_msg_userauth_request
TRACE (8333): enter checkusername
TRACE (8333): shell is /bin/sh
TRACE (8333): test shell is '/bin/sh'
TRACE (8333): matching shell
TRACE (8333): uid = 0
TRACE (8333): leave checkusername
TRACE (8333): enter pubkeyauth
TRACE (8333): enter checkpubkey
TRACE (8333): enter checkpubkeyperms
TRACE (8333): enter checkfileperm(/)
TRACE (8333): leave checkfileperm: success
TRACE (8333): enter checkfileperm(//.ssh)
TRACE (8333): leave checkfileperm: success
TRACE (8333): enter checkfileperm(//.ssh/authorized_keys)
TRACE (8333): leave checkfileperm: stat() != 0
TRACE (8333): leave checkpubkeyperms
TRACE (8333): bad authorized_keys permissions, or file doesn't exist
TRACE (8333): leave checkpubkey: ret=-1
TRACE (8333): enter send_msg_userauth_failure


So my issue, is there a way to force dbclient to use only password authentication ?

Note: if I open by cascading sessions: from nas1 I open a session on nas2 and then if I try to open a session on nas3, I do not have this issue.

 

best rgds

 

Stephane

 

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20160208/93ea016f/attachment.htm 


More information about the Dropbear mailing list