this patch allow to set -g option 1. -g allow to make a more secure ssh server configuration by avoiding brute force attack on root while allowing user to use password (where the username is more difficult to guess).

Matthieu
from #6736

SVN-Revision: 20219
owl
Travis Kemen 2010-03-14 21:26:45 +00:00
parent 73f61a64eb
commit 6aca925ca8
1 changed files with 8 additions and 3 deletions

View File

@ -37,15 +37,20 @@ dropbear_start()
config_get port "${section}" Port
# C) banner file
local bannerfile
config_get bannerfile ${section} BannerFile
[ -f $bannerfile ] || bannerfile=''
config_get bannerfile "${section}" BannerFile
[ -f "$bannerfile" ] || bannerfile=''
# D) gatewayports
local gatewayports
config_get_bool gatewayports "${section}" GatewayPorts 0
[ "${gatewayports}" -eq 1 ] || gatewayports=''
# E) root password authentication
local norootpasswd
local rootpassauth
config_get_bool rootpassauth "${section}" RootPasswordAuth 1
[ "${rootpassauth}" -eq 0 ] && norootpasswd=1
# concatenate parameters
local args
args="${nopasswd:+-s }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid"
args="${nopasswd:+-s }${norootpasswd:+-g }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid"
# execute program and return its exit code
[ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} starting ${PROG} ${args}"