From: Travis Kemen Date: Sun, 14 Mar 2010 21:26:45 +0000 (+0000) Subject: this patch allow to set -g option 1. -g allow to make a more secure ssh server config... X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=6aca925ca80969382b943ddb401dd1238d815554;p=openwrt%2Fstaging%2Fstintel.git this patch allow to set -g option 1. -g allow to make a more secure ssh server configuration by avoiding brute force attack on root while allowing user to use password (where the username is more difficult to guess). Matthieu from #6736 SVN-Revision: 20219 --- diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init index 85a90d02fd..6250636fc1 100755 --- a/package/dropbear/files/dropbear.init +++ b/package/dropbear/files/dropbear.init @@ -37,15 +37,20 @@ dropbear_start() config_get port "${section}" Port # C) banner file local bannerfile - config_get bannerfile ${section} BannerFile - [ -f $bannerfile ] || bannerfile='' + config_get bannerfile "${section}" BannerFile + [ -f "$bannerfile" ] || bannerfile='' # D) gatewayports local gatewayports config_get_bool gatewayports "${section}" GatewayPorts 0 [ "${gatewayports}" -eq 1 ] || gatewayports='' + # E) root password authentication + local norootpasswd + local rootpassauth + config_get_bool rootpassauth "${section}" RootPasswordAuth 1 + [ "${rootpassauth}" -eq 0 ] && norootpasswd=1 # concatenate parameters local args - args="${nopasswd:+-s }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid" + args="${nopasswd:+-s }${norootpasswd:+-g }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid" # execute program and return its exit code [ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} starting ${PROG} ${args}"