New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Disable root login for dropbear using xinetd?
I'm using dropbear with xinetd and I'm having trouble getting the -w
(no root login) or -g
(no root password login) options working. After I made the changes to add -g
I restarted invoke-rc.d xinetd restart
but it doesn't seem to be picking up my changes since I can still login as root using a password.
/etc/xinetd.d/dropbear
service ssh
{
socket_type = stream
only_from = 0.0.0.0
wait = no
user = root
protocol = tcp
server = /usr/sbin/dropbear
server_args = -i -g
disable = no
port = 22
type = unlisted
}
Comments
Change disabled to yes
Sure???
@zhuanyi disabling this config will cause xinetd to skip it. Since the default dropbear config has START=0 then SSH will no longer accept connections because there will be no SSH service started.
Try
server_args = "-i -g"
@Keith, no go. In fact, when I add the quotes the service fails to start.
It worked for me.
What version of dropbear are you using?
Oh, my apologies, thought you started the dropbear by using service dropbear start
Have you tried editing /etc/default/dropbear instead of the file in xinetd.d? Editing /etc/default/dropbear has worked for to disable root logins and password logins for dropbear. Add the line:
DROPBEAR_EXTRA_ARGS="-w -g"
Once you edit it, be sure to save changes and restart dropbear.
I've always used exactly the same config and root password login does not work.
Stupid question, but are you sure you can login as root? dropbear works a bit different than sshd there, if you disable root password login it will still ask you to enter one but it will reject it every time.