Ssh/dbclient - DROPBEAR_PASSWORD doesn't work

I need my wlan-router to auto-login at startup to another host via SSH.
( )

Usually the Dropbear SSH client (dbclient) allows you to specify the password through an environment variable.

My custom router startup script works fine with dd-wrt versions until april of 2015.

while true
DROPBEAR_PASSWORD='passwod' ssh -y
sleep 5

In future versions the script stops at password login.

Unfortunately there is no dd-wrt version from before april of 2015 for my new router (TL-WR710N(EU) V 1.2).

Thus I installed openwrt 15.05.1
and tried from routers command line:

DROPBEAR_PASSWORD='passwod' ssh -y

to check, if auto login to remote host works. But I'm asked for password. That means, there is the same problem with variable handling as in recent versions of dd-wrt.

Then I installed LEDE 17.01.4 and there is the same problem.

Can anyone confirm, that automatic password login to remote host by DROPBEAR_PASSWORD variable doesn't work?


Am 20.11.2017 um 16:44 schrieb Matt Johnston:

OK, it looks like they're deliberately disabling it.

I guess add that to the LEDE bug. I'd be surprised it if
made any real difference to binary size.


Can you login using key authentication?

No, I can't because the remote host is not under my control. The remote host is the internet access control server of my internet provider. The internet provider demands authentication by username/password.

Perhaps you could try with other SSH client: "openssh-client" seems to be available in the LEDE repos; perhaps it can do user-based authentication.

Perhaps there could be a solution for my problem, but I don't have enough knowledge to understand this

Is there a special reason why the DROPBEAR_PASSWORD option is disabled in LEDE?

Try adding this to the init script before the loop (untested):

echo '#!/bin/sh' > /tmp/printpw
echo 'echo password' > /tmp/printpw
chmod +x /tmp/printpw

and then log in like this:

SSH_ASKPASS=/tmp/printpw ssh -y

Replace password with the actual password.

If I try

SSH_ASKPASS='password' ssh -y

from routers commandline, then remote host still asks for password.

Yes, because 'password' is not a script so it fails.

root@LEDE:~# echo '#!/bin/sh'>/tmp/printpw
root@LEDE:~# echo 'echo mypwd'>>/tmp/printpw
root@LEDE:~# chmod +x /tmp/printpw
root@LEDE:~# SSH_ASKPASS=/tmp/printpw ssh -y root@
Host '' key accepted unconditionally.
(ssh-rsa fingerprint md5 17:83:d5:f7:0e:b6:d2:40:5a:db:25:a5:53:2a:3e:6d)

root@'s password:

ends with password prompt too.

I'm surprised that a school would allow students to log in to one of their servers as "root"...

I'm testing at home and the remote host is my NAS.
At students hostel my username is not root.

Perhaps this can be done by installing openssh-client (memory permitting) and using it instead of dropbear.

For security reasons, I can see why root would not allow auto logins.

You may need to set up an account that has similar permissions as your student username in order to test.

My NAS allows password login for root.
The router with old dd-wrt version, with DROPBEAR_PASSWORD option, does auto login for root in my testing environment at home. And works at student hostel too.

But not anymore, and probably for good reason.

My TL-WR710N V1.2 has 8MB Flash and 32MB Ram. Is this sufficient to install openssh-client?
How do I install openssh-client?

The problem is not, that the user is "root", but the DROPBEAR_PASSWORD option is disabled.

Seems SSH_ASKPASS is for getting a passphrase and not a password, so it won't work that way

I think this was the commit in which brainslayer disabled the DROPBEAR_PASSWORD option in dd-wrt on 19 Apr 2015