Dropbear SSH, Root login, and Bash Shell....

DrewPre · 09/29/2009, 04:28 AM

Okay, prior to the WebOS 1.2 upgrade, I had dropbear installed per webos-internals instructions. I also followed the instructions located there for manually setting up SFTP.

I am using SSH Secure Shell as my client.

I am not sure what else i might have done because it was working then and now it is not working any longer.

I have followed the instructions verbatim.

I am not that well versed in Linux to know if I am missing something or not.

I have /etc/shells set up with the following...

Code:

/bin/ash
/bin/sh
/opt/bin/bash

I have /opt/bin/visudo setup with the following...

Code:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root ALL=(ALL) ALL
root ALL=NOPASSWD: /opt/libexec/sftp-server
                                                              
# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL) ALL
                               
# Same thing without a password        
# %wheel        ALL=(ALL) NOPASSWD: ALL
         
# Samples                                           
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
user#1 ALL=(ALL) ALL                         
user#1 ALL=NOPASSWD: /opt/libexec/sftp-server
user#2 ALL=(ALL) ALL                         
user#2 ALL=NOPASSWD: /opt/libexec/sftp-server

The /etc/passwd file looks like this...

Code:

root:$1$NjaC2Fwx$319jXOictrXypjrS4y5Q6/:0:0:root:/home/root:/opt/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
bin:*:2:2:bin:/bin:/bin/sh
sys:*:3:3:sys:/dev:/bin/sh
sync:*:4:65534:sync:/bin:/bin/sync
games:*:5:60:games:/usr/games:/bin/sh
man:*:6:12:man:/var/cache/man:/bin/sh
lp:*:7:7:lp:/var/spool/lpd:/bin/sh
mail:*:8:8:mail:/var/mail:/bin/sh
news:*:9:9:news:/var/spool/news:/bin/sh
uucp:*:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:*:13:13:proxy:/bin:/bin/sh
pulse:*:31:31:pulse:/var/run/pulse:/bin/sh
www-data:*:33:33:www-data:/var/www:/bin/sh
backup:*:34:34:backup:/var/backups:/bin/sh
list:*:38:38:Mailing List Manager:/var/list:/bin/sh
irc:*:39:39:ircd:/var/run/ircd:/bin/sh
gnats:*:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:*:65534:65534:nobody:/nonexistent:/bin/sh
luna:*:1000:1000:luna:/nonexistent:/bin/false
user#1:$1$xruA3oNJ$CDe/mf2Yn6jaZkNzE7OnO1:1001:1001:Linux User,,,:/var/home/user#1:/opt/bin/bash
user#2:$1$yBNupc1Y$u2U1v1m.V96C6teeyTf511:1002:1002:Linux User,,,:/var/home/user#2:/opt/bin/bash

Both User#1 and User#2 are able to log into SSH Secure Shell but neither can SFTP because they don't have filesystem RW access. The Root user does but he cannot log into SSH Secure Shell.

Is there some miniscule little file that I am forgetting to update???

Please help.... I would like to copy files to/from the Pre without having to switch between USB mode and back or using the WebOS QuickInstall.

Plus it would be nice to learn a little something new about linux.

TIA.

DrewPre · 09/30/2009, 03:21 AM

Figured it out.... I had to edit the configuration file optware-dropbear located in /etc/event.d

file:/etc/event.d/optware-dropbear

Code:

description "Dropbear SSH Daemon for WebOS"
author "Dax Kelson"
version 1.1

# don't start until the WebOS finishes it's normal boot
# that way no delay is added to the GUI startup
start on stopped finish
stop on runlevel [!2]

# The "stock" WebOS dropbear (not shipped) uses this next line
# uncomment if you want the same behavior
#stop on started start_update

# don't try to log any output
console none

# Uncomment to make sure SSH sessions don't slow down GUI use
#nice 5

# Restart the SSH daemon if it exits/dies
respawn

# -g disallow password logins for root
# -F runs in the foreground so the respawn will work
# -p sets the TCP port
# exec /opt/sbin/dropbear -g -F -p 222
exec /opt/sbin/dropbear -F -p 222

pre-start script
     # Add firewall rule to allow SSH access over WiFi on port 222
     # Remove the "-i eth0" on both of the following lines to enable SSH access
     # over the cellular data network (EVDO, etc).
     /usr/sbin/iptables -D INPUT -p tcp --dport 222 -j ACCEPT || /bin/true
     /usr/sbin/iptables -I INPUT -p tcp --dport 222 -j ACCEPT
end script

# funny comment goes here

sbansal · 12/28/2009, 10:19 AM

I need to edit the optware-dropbear file as mentioned above but am not sure how to do this.
The file opens as read-only.
Thanks!

12/28/2009, 10:19 AM	#3 (permalink)
sbansal Member Join Date: Jul 2009 Posts: 1 Likes Received: 0 Thanks: 0 Thanked 0 Times in 0 Posts	How to edit optware-dropbear script file? I need to edit the optware-dropbear file as mentioned above but am not sure how to do this. The file opens as read-only. Thanks!
	Liked by

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode