Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Disable root login for dropbear using xinetd?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Disable root login for dropbear using xinetd?

XeoncrossXeoncross Member
edited July 2012 in Help

I'm using dropbear with xinetd and I'm having trouble getting the -w (no root login) or -g (no root password login) options working. After I made the changes to add -g I restarted invoke-rc.d xinetd restart but it doesn't seem to be picking up my changes since I can still login as root using a password.

/etc/xinetd.d/dropbear

service ssh
{
    socket_type  = stream
    only_from    = 0.0.0.0
    wait         = no
    user         = root
    protocol     = tcp
    server       = /usr/sbin/dropbear
    server_args  = -i -g
    disable      = no
    port         = 22
    type         = unlisted
}

Comments

  • Change disabled to yes

  • yomeroyomero Member
    Expand: Change disabled to yes

    Sure???

  • XeoncrossXeoncross Member
    edited July 2012

    @zhuanyi disabling this config will cause xinetd to skip it. Since the default dropbear config has START=0 then SSH will no longer accept connections because there will be no SSH service started.

  • KeithKeith Member

    Try
    server_args = "-i -g"

  • @Keith, no go. In fact, when I add the quotes the service fails to start.

  • KeithKeith Member

    It worked for me.

  • What version of dropbear are you using?

  • @Xeoncross said: disabling this config will cause xinetd to skip it. Since the default dropbear config has START=0 then SSH will no longer accept connections because there will be no SSH service started.

    Oh, my apologies, thought you started the dropbear by using service dropbear start

  • azizmbazizmb Member
    edited July 2012

    Have you tried editing /etc/default/dropbear instead of the file in xinetd.d? Editing /etc/default/dropbear has worked for to disable root logins and password logins for dropbear. Add the line:
    DROPBEAR_EXTRA_ARGS="-w -g"
    Once you edit it, be sure to save changes and restart dropbear.

  • vedranvedran Veteran

    I've always used exactly the same config and root password login does not work.

    Stupid question, but are you sure you can login as root? dropbear works a bit different than sshd there, if you disable root password login it will still ask you to enter one but it will reject it every time.

Sign In or Register to comment.