MAX_USERNAME_LEN set too low
W. Michael Petullo
mike at flyn.org
Fri Mar 1 08:28:30 AWST 2019
Dropbear's auth.h defines MAX_USERNAME_LEN as 25 and provides the
commentary "arbitrary for the moment."
The useradd utility from shadow-utils on Linux supports usernames with
up to 32 characters.
This means that some valid users cannot make use of SSH, namely users
for which len(username) is larger than 25 but less than 32.
32 seems pretty common. Can we modify Dropbear to use 32 instead of 25?
--
Mike
:wq
More information about the Dropbear
mailing list