From c37b60f3dcbcf194670137d22ead7e1c0cb4e8c7 Mon Sep 17 00:00:00 2001 From: thepeople Date: Sun, 14 Mar 2010 21:26:45 +0000 Subject: [PATCH] this patch allow to set -g option 1. -g allow to make a more secure ssh server configuration by avoiding brute force attack on root while allowing user to use password (where the username is more difficult to guess). Matthieu from #6736 git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20219 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/dropbear/files/dropbear.init | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init index 85a90d02f..6250636fc 100755 --- a/package/dropbear/files/dropbear.init +++ b/package/dropbear/files/dropbear.init @@ -37,15 +37,20 @@ dropbear_start() config_get port "${section}" Port # C) banner file local bannerfile - config_get bannerfile ${section} BannerFile - [ -f $bannerfile ] || bannerfile='' + config_get bannerfile "${section}" BannerFile + [ -f "$bannerfile" ] || bannerfile='' # D) gatewayports local gatewayports config_get_bool gatewayports "${section}" GatewayPorts 0 [ "${gatewayports}" -eq 1 ] || gatewayports='' + # E) root password authentication + local norootpasswd + local rootpassauth + config_get_bool rootpassauth "${section}" RootPasswordAuth 1 + [ "${rootpassauth}" -eq 0 ] && norootpasswd=1 # concatenate parameters local args - args="${nopasswd:+-s }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid" + args="${nopasswd:+-s }${norootpasswd:+-g }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid" # execute program and return its exit code [ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} starting ${PROG} ${args}" -- 2.35.1