dropbear with PAM support - Unable to do ssh.
sriram.ec at gmail.com
Wed May 10 01:08:28 AWST 2017
I m facing a problem when I am trying to use dropbear with PAM support.
My requirement is to restrict certain users to do ssh only through certain
for ex: my board has 2 ip's 10.207.18.101/24 on eth0 and 10.207.118.101/24
dropbear server listens on port 22 on both of these interfaces. Given this
scenario, I want to restrict a particular user say "abc" to be able to do
ssh only through eth1 network.
like "abc" should be able to login from ip's like 10.207.118.102/24,
I didnt find a way to do using only dropbear. So had to integrate dropbear
I applied this patch to dropbear-2016.74.tar.bz2
@@ -213,10 +213,10 @@ If you test it please contact the Dropbear author */
/* This requires crypt() */
/* PAM requires ./configure --enable-pam */
-/*#define ENABLE_SVR_PAM_AUTH */
Configured and compiled dropbear with PAM support.
I added below configuration files.
a. cat /etc/pam.d/sshd
auth required pam_unix.so
account required pam_access.so
b. cat /etc/security/access.conf
+ : root : ALL
+ : abc : 10.207.118.0/24
- : abc : 10.207.18.0/24
- : ALL : ALL
But with this configuration, abc is unable to login to the machine via
Any idea on how to fix this one ?
Apologies if its not the right forum to ask this question.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dropbear