Disable telnet in favor of passwordless SSH
This enables passwordless login for root via SSH whenever no root password is set (e.g. after reset, flashing without keeping config or in failsafe) and removes telnet support altogether. Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46809v19.07.3_mercusys_ac12_duma
parent
b850e1e59f
commit
d196b1fc2e
@ -0,0 +1,11 @@
|
||||
--- a/svr-auth.c
|
||||
+++ b/svr-auth.c
|
||||
@@ -149,7 +149,7 @@ void recv_msg_userauth_request() {
|
||||
AUTH_METHOD_NONE_LEN) == 0) {
|
||||
TRACE(("recv_msg_userauth_request: 'none' request"))
|
||||
if (valid_user
|
||||
- && svr_opts.allowblankpass
|
||||
+ && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root"))
|
||||
&& !svr_opts.noauthpass
|
||||
&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
|
||||
&& ses.authstate.pw_passwd[0] == '\0')
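Review bot: The added clause on the `+` line lets a 'none' request succeed for root with an empty password even when `svr_opts.allowblankpass` is off, so the only remaining switches are the `noauthpass` and `norootpass` tests on the following lines, and nothing in the code says so. The match is also by name (`!strcmp(ses.authstate.pw_name, "root")`) while the `norootpass` test two lines below uses `ses.authstate.pw_uid == 0`; the two should agree, or the difference should be explained. I would add a comment above the condition, for example `/* root with an empty password is accepted without allowblankpass until a password is set; keep the listener off untrusted interfaces */`, and state in the first-boot/failsafe documentation that this applies on every address the server listens on. recv_msg_userauth_request starts and ends outside the hunk, so how `valid_user` is established is not visible here.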
|
@ -0,0 +1,18 @@
|
||||
--- a/svr-runopts.c
|
||||
+++ b/svr-runopts.c
|
||||
@@ -475,6 +475,7 @@ void load_all_hostkeys() {
|
||||
m_free(hostkey_file);
|
||||
}
|
||||
|
||||
+ if (svr_opts.num_hostkey_files <= 0) {
|
||||
#ifdef DROPBEAR_RSA
|
||||
loadhostkey(RSA_PRIV_FILENAME, 0);
|
||||
#endif
|
||||
@@ -486,6 +487,7 @@ void load_all_hostkeys() {
|
||||
#ifdef DROPBEAR_ECDSA
|
||||
loadhostkey(ECDSA_PRIV_FILENAME, 0);
|
||||
#endif
|
||||
+ }
|
||||
|
||||
#ifdef DROPBEAR_DELAY_HOSTKEY
|
||||
if (svr_opts.delay_hostkey) {
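Review bot: The new `if (svr_opts.num_hostkey_files <= 0) {` guard changes host-key loading, which the commit message does not mention, and it carries no comment. With the guard in place the default key files are skipped as soon as any host key file is configured, so if every configured file fails to load there is no fallback; whether a later check rejects a server left without a usable key is outside this hunk. I would add `/* load the default key files only when none were configured explicitly */` above the `if`, and indent the wrapped `loadhostkey()` calls when the patch is next refreshed. load_all_hostkeys starts and ends outside the hunk.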
|
@ -1,38 +0,0 @@
|
||||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2006-2011 OpenWrt.org
|
||||
|
||||
START=50
|
||||
|
||||
USE_PROCD=1
|
||||
PROG=/usr/sbin/telnetd
|
||||
|
||||
has_root_pwd() {
|
||||
local pwd=$([ -f "$1" ] && cat "$1")
|
||||
pwd="${pwd#*root:}"
|
||||
pwd="${pwd%%:*}"
|
||||
|
||||
test -n "${pwd#[\!x]}"
|
||||
}
|
||||
|
||||
get_root_home() {
|
||||
local homedir=$([ -f "$1" ] && cat "$1")
|
||||
homedir="${homedir#*:*:0:0:*:}"
|
||||
|
||||
echo "${homedir%%:*}"
|
||||
}
|
||||
|
||||
has_ssh_pubkey() {
|
||||
( /etc/init.d/dropbear enabled 2> /dev/null && grep -qs "^ssh-" /etc/dropbear/authorized_keys ) || \
|
||||
( /etc/init.d/sshd enabled 2> /dev/null && grep -qs "^ssh-" "$(get_root_home /etc/passwd)"/.ssh/authorized_keys )
|
||||
}
|
||||
|
||||
start_service() {
|
||||
if ( ! has_ssh_pubkey && \
|
||||
! has_root_pwd /etc/passwd && ! has_root_pwd /etc/shadow ) || \
|
||||
( ! /etc/init.d/dropbear enabled 2> /dev/null && ! /etc/init.d/sshd enabled 2> /dev/null );
|
||||
then
|
||||
procd_open_instance
|
||||
procd_set_param command "$PROG" -F -l /bin/login.sh
|
||||
procd_close_instance
|
||||
fi
|
||||
}
|