dropbear with PAM support - Unable to do ssh.

Sriram sriram.ec at gmail.com
Wed May 10 01:08:28 AWST 2017


I'm facing a problem when I am trying to use dropbear with PAM support.

My requirement is to restrict certain users to do ssh only through certain
for ex: my board has 2 IPs on eth0 and
on eth1.
dropbear server listens on port 22 on both of these interfaces. Given this
scenario, I want to restrict a particular user say "abc" to be able to do
ssh only through eth1 network.
like "abc" should be able to log in from IPs like, etc.,

I didn't find a way to do this using only dropbear, so I had to integrate
dropbear with PAM.

I applied this patch to dropbear-2016.74.tar.bz2:
--- a/options.h
+++ b/options.h
@@ -213,10 +213,10 @@ If you test it please contact the Dropbear author */

 /* This requires crypt() */
 #ifdef HAVE_CRYPT
 /* PAM requires ./configure --enable-pam */
-/*#define ENABLE_SVR_PAM_AUTH */
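
Review bot: The hunk is cut off after the removed "/*#define ENABLE_SVR_PAM_AUTH */" line: the header "@@ -213,10 +213,10 @@" declares ten lines on each side, but only four context lines and this one removal are shown, and there is no "+" line that actually defines ENABLE_SVR_PAM_AUTH. The context also shows "#ifdef HAVE_CRYPT" with neither its body nor its "#endif", so what the patch does to the crypt()-based option guarded there cannot be checked from the post. Please resend the complete hunk so that both the added define and the fate of the HAVE_CRYPT block are visible.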

I configured and compiled dropbear with PAM support.
I added the configuration files below.

a. cat /etc/pam.d/sshd

     auth required pam_unix.so
     account required pam_access.so

b. cat /etc/security/access.conf

    + : root : ALL
    + : abc :
    - :  abc :
    - : ALL : ALL

But with this configuration, abc is unable to log in to the machine via also.
Any idea on how to fix this one?

Apologies if it's not the right forum to ask this question.
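
An added example, not part of the original post and not dropbear or Linux-PAM code: a small offline evaluator for access.conf rules in the layout quoted above, showing the first-match-wins ordering that pam_access applies. The networks are constructed placeholders from the RFC 5737 documentation ranges, the function names are hypothetical, and it assumes the origin field is compared against the client's remote address and handles only ALL, single addresses and CIDR networks.

```python
import ipaddress

# Constructed rules in the layout of the access.conf above. The networks are
# placeholders (RFC 5737 documentation ranges), not the poster's real values.
SAMPLE_ACCESS_CONF = """\
+ : root : ALL
+ : abc : 198.51.100.0/24
- : abc : ALL
- : ALL : ALL
"""


def parse_rules(text):
    """Return a (permit, users, origins) tuple per 'perm : users : origins' line."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # maxsplit=2 keeps colons inside the origins field (IPv6) intact.
        fields = [f.strip() for f in line.split(":", 2)]
        # This sketch requires all three fields to be present and non-empty.
        if len(fields) != 3 or fields[0] not in ("+", "-") or not all(fields):
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append((fields[0] == "+", fields[1].split(), fields[2].split()))
    return rules


def origin_matches(origin, remote_ip):
    """Match ALL, a single address, or a CIDR network against the client address."""
    if origin == "ALL":
        return True
    try:
        net = ipaddress.ip_network(origin, strict=False)
        return ipaddress.ip_address(remote_ip) in net
    except ValueError:
        return False  # hostnames, LOCAL, EXCEPT and groups are outside this sketch


def is_allowed(rules, user, remote_ip):
    """The first rule matching (user, remote address) decides the outcome."""
    for permit, users, origins in rules:
        user_hit = "ALL" in users or user in users
        if user_hit and any(origin_matches(o, remote_ip) for o in origins):
            return permit
    return True  # pam_access grants access when no rule matches at all
```

Because evaluation stops at the first match, moving the "- : abc : ALL" line above the "+" line for abc denies that user from every address.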

