this patch allow to set -g option 1. -g allow to make a more secure ssh server configuration by avoiding brute force attack on root while allowing user to use password (where the username is more difficult to guess).

Matthieu from #6736 git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20219 3c298f89-4303-0410-b956-a3cf2f4a3e73
2024-10-01 10:58:12 +03:00 · 2010-03-14 21:26:45 +00:00 · 2010-03-14 21:26:45 +00:00 · c37b60f3dc
commit c37b60f3dc
parent 176d390d98
1 changed files with 8 additions and 3 deletions
--- a/package/dropbear/files/dropbear.init
+++ b/package/dropbear/files/dropbear.init
@ -37,15 +37,20 @@ dropbear_start()
 	config_get port "${section}" Port
 	# C) banner file
 	local bannerfile
-	config_get bannerfile ${section} BannerFile
-	[ -f $bannerfile ] || bannerfile=''
+	config_get bannerfile "${section}" BannerFile
+	[ -f "$bannerfile" ] || bannerfile=''
 	# D) gatewayports
 	local gatewayports
 	config_get_bool gatewayports "${section}" GatewayPorts 0
 	[ "${gatewayports}" -eq 1 ] || gatewayports=''
+	# E) root password authentication
+	local norootpasswd
+	local rootpassauth
+	config_get_bool rootpassauth "${section}" RootPasswordAuth 1
+	[ "${rootpassauth}" -eq 0 ] && norootpasswd=1
 	# concatenate parameters
 	local args
-	args="${nopasswd:+-s }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid"
+	args="${nopasswd:+-s }${norootpasswd:+-g }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid"

 	# execute program and return its exit code
 	[ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} starting ${PROG} ${args}"