this patch allow to set -g option 1. -g allow to make a more secure ssh server configuration by avoiding brute force attack on root while allowing user to use password (where the username is more difficult to guess).

Matthieu
from #6736

SVN-Revision: 20219

1 files changed, 8 insertions, 3 deletions

diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init
index 85a90d02fd..6250636fc1 100755
--- a/package/dropbear/files/dropbear.init
+++ b/package/dropbear/files/dropbear.init
@@ -37,15 +37,20 @@ dropbear_start()
 	config_get port "${section}" Port
 	# C) banner file
 	local bannerfile
-	config_get bannerfile ${section} BannerFile
-	[ -f $bannerfile ] || bannerfile=''
+	config_get bannerfile "${section}" BannerFile
+	[ -f "$bannerfile" ] || bannerfile=''
 	# D) gatewayports
 	local gatewayports
 	config_get_bool gatewayports "${section}" GatewayPorts 0
 	[ "${gatewayports}" -eq 1 ] || gatewayports=''
+	# E) root password authentication
+	local norootpasswd
+	local rootpassauth
+	config_get_bool rootpassauth "${section}" RootPasswordAuth 1
+	[ "${rootpassauth}" -eq 0 ] && norootpasswd=1
 	# concatenate parameters
 	local args
-	args="${nopasswd:+-s }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid"
+	args="${nopasswd:+-s }${norootpasswd:+-g }${port:+-p ${port} }${bannerfile:+-b $bannerfile }${gatewayports:+-a }-P /var/run/${NAME}.${PIDCOUNT}.pid"
 
 	# execute program and return its exit code
 	[ "${verbosed}" -ne 0 ] && echo "${initscript}: section ${section} starting ${PROG} ${args}"