2

I am working on a Yocto-based Linux. I have Dropbear SSH installed. If debug-tweaks is included in IMAGE-FEATURES, I can correctly login via SSH without password. Now, I want to setup a password-based login. So I removed the debug tweaks and added the following lines to my recipe:

inherit extrausers
EXTRA_USERS_PARAMS = "usermod -P mypassword root;"

Now when I try to login via SSH I get the following error:

root@IP: Permission denied (publickey,password).

What is the problem? I checked that the password is correct.

firion
  • 296
  • 3
  • 12

2 Answers2

1

The method described by BelHadjSalem TALEL's answer, involving modifying the /etc/default/dropbear file directly to customize the DROPBEAR_EXTRA_ARGS, will work. However, there is a more elegant way to accomplish the same thing.

Simply add allow-root-login to IMAGE_FEATURES in your local.conf (or your custom image .bb file).

This causes the BitBake plumbing to do the same thing (remove the -w flag), without you having to muck about with it or maintain it. As a bonus, it will continue to work even if you switch the image to use OpenSSH instead of Dropbear (by changing from ssh-server-dropbear to ssh-server-openssh in the IMAGE_FEATURE list).

Note that allow-root-login is implicitly enabled by debug-tweaks, but you can add just allow-root-login without turning on all of debug-tweaks.

Cody Gray - on strike
  • 239,200
  • 50
  • 490
  • 574
0

I created a simple poky build with a simple meta-test layer that appends to core-image-minimal this:

inherit extrausers
EXTRA_USERS_PARAMS = "usermod -P 123 root;"
IMAGE_FEATURES_remove = "debug-tweaks"
IMAGE_FEATURES_append = " ssh-server-dropbear"
IMAGE_INSTALL_append = " dropbear"

I started runqemu after the build finished and this is what I figured out:

At first I tried connecting to ssh and it actually denied me.

By default dropbear disables root login, you can find the default file:

/etc/default/dropbear

its content:

# Disallow root logins by default
DROPBEAR_EXTRA_ARGS="-w"

So, I removed the "-w" option and I ran:

/etc/init.d/dropbear restart

I got a successful login on dropbear ssh server.

In addition, you can add this automatically to your custom layer:

meta-custom/
    --> recipes-core/
        --> dropbear/
            --> dropbear_%.bbappend

dropbear_%.bbappend:

do_install_append(){
    sed -i 's/-w//g' ${D}/etc/default/dropbear
}
Talel BELHADJSALEM
  • 3,199
  • 1
  • 10
  • 30
  • I managed to create an image where the W flag was removed. However this was not the only problem for me, as I could not login even without that flag. I think there is some problem with the password as I saw that the hash in /etc/shadow does not correspond mypassword hash. So maybe that's why Dropbear is denying me. Is your password hash correct? – firion Jun 29 '21 at 06:38
  • Actually you cannot figure out if the hash corresponds to the password because of the "salt" principle in Linux password and users manager. You can try with "ssh-server-openssh" instead of dropbear. – Talel BELHADJSALEM Jun 29 '21 at 08:56