dropbear authentication
Hi All, ho can I login as root user with an empty password? Do I need to hack the code or I have to configure dropbear in special way? Welcome advice, Regards, Giuseppe
Re: dropbear authentication
Giuseppe Cavallaro wrote: Hi All, ho can I login as root user with an empty password? Do I need to hack the code or I have to configure dropbear in special way? Welcome advice, Regards, Giuseppe As far as I know, you can if you use keys to get in. If there's another solution, I'm pretty interested.
Re: dropbear authentication
On Wed, Aug 08, 2007 at 08:25:00AM +0200, Giuseppe Cavallaro wrote: Hi All, ho can I login as root user with an empty password? Do I need to hack the code or I have to configure dropbear in special way? It already should work. As a test, I set up the root user on an Ubuntu 7.04 system to have an entry in /etc/shadow of root:R7gIX4dJJcCFw:13612:0:9:7::: and it worked fine. R7gIX4dJJcCFw is just the crypt of an empty password - the Linux password utility wouldn't let me set it manually. You still have to press enter in your client to log in - Dropbear 0.50's dbclient will provide the ability to set DROPBEAR_PASSWORD= and avoid that. I assume you're running this on a closed network or something -- otherwise it'd be a tad insecure. Matt
Re: dropbear authentication
Hi On 08/08/2007, Matt Johnston [EMAIL PROTECTED] wrote: On Wed, Aug 08, 2007 at 08:25:00AM +0200, Giuseppe Cavallaro wrote: Hi All, ho can I login as root user with an empty password? Do I need to hack the code or I have to configure dropbear in special way? It already should work. As a test, I set up the root user on an Ubuntu 7.04 system to have an entry in /etc/shadow of root:R7gIX4dJJcCFw:13612:0:9:7::: and it worked fine. R7gIX4dJJcCFw is just the crypt of an empty password - the Linux password utility wouldn't let me set it manually. Thanks, it works like a charm! You still have to press enter in your client to log in - Dropbear 0.50's dbclient will provide the ability to set DROPBEAR_PASSWORD= and avoid that. I assume you're running this on a closed network or something -- otherwise it'd be a tad insecure. I'm using dropbear 0.49 on an embedded system based on uClibc with a private network (p2p). Just another question: Is it possible to totally skip authentication phase with dropbear? I mean, using telnet or ssh (but configuring the latter) I'm able to login without entering password and login. In this case my root entry in passwd is root::0:0 ... Thanks a lot Ciao Giuseppe Matt
Re: dropbear authentication
On Wed, Aug 08, 2007 at 09:53:12AM +0200, Giuseppe Cavallaro wrote: Just another question: Is it possible to totally skip authentication phase with dropbear? I mean, using telnet or ssh (but configuring the latter) I'm able to login without entering password and login. In this case my root entry in passwd is root::0:0 ... There's a hardcoded check in checkusername() that won't allow an empty password crypt since that's a common misconfiguration. If the user has an OK entry in /etc/passwd though, you can make Dropbear skip auth fairly easily, see the patch below. Matt --- svr-auth.c dbd28ab1fff172ca3f2e4cb756ec53b74b48b6b3 +++ svr-auth.c 70235853e723eb3b7557be219aace2406ed45bb1 @@ -124,15 +124,6 @@ void recv_msg_userauth_request() { dropbear_exit(unknown service in auth); } - /* user wants to know what methods are supported */ - if (methodlen == AUTH_METHOD_NONE_LEN - strncmp(methodname, AUTH_METHOD_NONE, - AUTH_METHOD_NONE_LEN) == 0) { - TRACE((recv_msg_userauth_request: 'none' request)) - send_msg_userauth_failure(0, 0); - goto out; - } - /* check username is good before continuing */ if (checkusername(username, userlen) == DROPBEAR_FAILURE) { /* username is invalid/no shell/etc - send failure */ @@ -141,45 +132,8 @@ void recv_msg_userauth_request() { goto out; } -#ifdef ENABLE_SVR_PASSWORD_AUTH - if (!svr_opts.noauthpass - !(svr_opts.norootpass ses.authstate.pw-pw_uid == 0) ) { - /* user wants to try password auth */ - if (methodlen == AUTH_METHOD_PASSWORD_LEN - strncmp(methodname, AUTH_METHOD_PASSWORD, - AUTH_METHOD_PASSWORD_LEN) == 0) { - svr_auth_password(); - goto out; - } - } -#endif + send_msg_userauth_success(); -#ifdef ENABLE_SVR_PAM_AUTH - if (!svr_opts.noauthpass - !(svr_opts.norootpass ses.authstate.pw-pw_uid == 0) ) { - /* user wants to try password auth */ - if (methodlen == AUTH_METHOD_PASSWORD_LEN - strncmp(methodname, AUTH_METHOD_PASSWORD, - AUTH_METHOD_PASSWORD_LEN) == 0) { - svr_auth_pam(); - goto out; - } - } -#endif - -#ifdef ENABLE_SVR_PUBKEY_AUTH - /* user wants to try pubkey auth */ - if (methodlen == AUTH_METHOD_PUBKEY_LEN - strncmp(methodname, AUTH_METHOD_PUBKEY, - AUTH_METHOD_PUBKEY_LEN) == 0) { - svr_auth_pubkey(); - goto out; - } -#endif - - /* nothing matched, we just fail */ - send_msg_userauth_failure(0, 1); - out: m_free(username);
Re: dropbear authentication
Hi Matt, It works fine if I set root:R7gIX4dJJcCFw:... in passwd file. So I'd like to have the same scenario but using root::... in passwd. Is it possible? Thanks a lot for your excellent support, Giuseppe There's a hardcoded check in checkusername() that won't allow an empty password crypt since that's a common misconfiguration. If the user has an OK entry in /etc/passwd though, you can make Dropbear skip auth fairly easily, see the patch below. Matt