diff -Naurw dropbear-0.50/options.h dropbear-0.50-tt/options.h
--- dropbear-0.50/options.h	2007-08-08 17:39:37.000000000 +0200
+++ dropbear-0.50-tt/options.h	2008-02-26 19:05:02.000000000 +0100
@@ -21,10 +21,25 @@
 
 /* Default hostkey paths - these can be specified on the command line */
 #ifndef DSS_PRIV_FILENAME
-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
+#define DSS_PRIV_FILENAME "/usr/share/config/dropbear/dropbear_dss_host_key"
 #endif
 #ifndef RSA_PRIV_FILENAME
-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
+#define RSA_PRIV_FILENAME "/usr/share/config/dropbear/dropbear_rsa_host_key"
+#endif
+
+#ifdef TWINTACT
+/* Add few tweak for TwinTact device */
+#ifndef AUTHORIZED_KEYS
+#define AUTHORIZED_KEYS "/usr/share/config/dropbear/authorized_keys"
+#endif
+
+#ifndef FORCED_SHELL
+#define FORCED_SHELL "/usr/share/config/dropbear/shell"
+#endif
+
+#ifndef FORCED_HOME
+#define FORCED_HOME "/usr/share"
+#endif
 #endif
 
 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
@@ -38,7 +53,7 @@
  * Both of these flags can be defined at once, don't compile without at least
  * one of them. */
 #define NON_INETD_MODE
-#define INETD_MODE
+//#define INETD_MODE
 
 /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
  * perhaps 20% slower for pubkey operations (it is probably worth experimenting
@@ -51,7 +66,7 @@
 #define DROPBEAR_SMALL_CODE
 
 /* Enable X11 Forwarding - server only */
-#define ENABLE_X11FWD
+//#define ENABLE_X11FWD
 
 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
@@ -64,7 +79,7 @@
 #define ENABLE_SVR_REMOTETCPFWD
 
 /* Enable Authentication Agent Forwarding - server only for now */
-#define ENABLE_AGENTFWD
+//#define ENABLE_AGENTFWD
 
 /* Encryption - at least one required.
  * RFC Draft requires 3DES and recommends AES128 for interoperability.
@@ -73,9 +88,9 @@
 #define DROPBEAR_AES128_CBC
 #define DROPBEAR_3DES_CBC
 #define DROPBEAR_AES256_CBC
-#define DROPBEAR_BLOWFISH_CBC
-#define DROPBEAR_TWOFISH256_CBC
-#define DROPBEAR_TWOFISH128_CBC
+//#define DROPBEAR_BLOWFISH_CBC
+//#define DROPBEAR_TWOFISH256_CBC
+//#define DROPBEAR_TWOFISH128_CBC
 
 /* Message Integrity - at least one required.
  * RFC Draft requires sha1 and recommends sha1-96.
@@ -112,7 +127,7 @@
 /* #define DSS_PROTOK */
 
 /* Whether to do reverse DNS lookups. */
-#define DO_HOST_LOOKUP
+//#define DO_HOST_LOOKUP
 
 /* Whether to print the message of the day (MOTD). This doesn't add much code
  * size */
@@ -120,7 +135,7 @@
 
 /* The MOTD file path */
 #ifndef MOTD_FILENAME
-#define MOTD_FILENAME "/etc/motd"
+#define MOTD_FILENAME "/usr/share/config/dropbear/motd"
 #endif
 
 /* Authentication Types - at least one required.
@@ -174,13 +189,13 @@
  * not yet authenticated. After this limit, connections are rejected */
 /* The first setting is per-IP, to avoid denial of service */
 #ifndef MAX_UNAUTH_PER_IP
-#define MAX_UNAUTH_PER_IP 5
+#define MAX_UNAUTH_PER_IP 2
 #endif
 
 /* And then a global limit to avoid chewing memory if connections 
  * come from many IPs */
 #ifndef MAX_UNAUTH_CLIENTS
-#define MAX_UNAUTH_CLIENTS 30
+#define MAX_UNAUTH_CLIENTS 10
 #endif
 
 /* Maximum number of failed authentication tries (server option) */
@@ -204,17 +219,17 @@
  * OpenSSH), set the path below. If the path isn't defined, sftp will not
  * be enabled */
 #ifndef SFTPSERVER_PATH
-#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
+#define SFTPSERVER_PATH "/usr/share/bin/sftp-server"
 #endif
 
 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
+#define _PATH_SSH_PROGRAM "/usr/share/bin/dbclient"
 
 /* Whether to log commands executed by a client. This only logs the 
  * (single) command sent to the server, not what a user did in a 
  * shell/sftp session etc. */
-/* #define LOG_COMMANDS */
+#define LOG_COMMANDS
 
 /* Window size limits. These tend to be a trade-off between memory
    usage and network performance: */
@@ -233,14 +248,14 @@
 
 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
 be overridden at runtime with -K. 0 disables keepalives */
-#define DEFAULT_KEEPALIVE 0
+#define DEFAULT_KEEPALIVE 30
 
 /*******************************************************************
  * You shouldn't edit below here unless you know you need to.
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "0.50"
+#define DROPBEAR_VERSION "0.50-TwinTact"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
diff -Naurw dropbear-0.50/svr-auth.c dropbear-0.50-tt/svr-auth.c
--- dropbear-0.50/svr-auth.c	2007-08-08 17:39:37.000000000 +0200
+++ dropbear-0.50-tt/svr-auth.c	2008-02-26 15:34:36.000000000 +0100
@@ -215,6 +215,11 @@
 			m_free(ses.authstate.printableuser);
 	}
 
+#ifdef FORCED_SHELL
+    TRACE(("Forcing shell to %s", FORCED_SHELL))
+    ses.authstate.pw->pw_shell = FORCED_SHELL ;
+#endif
+
 	/* check that user exists */
 	if (ses.authstate.pw == NULL) {
 		TRACE(("leave checkusername: user '%s' doesn't exist", username))
@@ -236,6 +241,8 @@
 		return DROPBEAR_FAILURE;
 	}
 
+/* Skip password check on twintact */
+#ifndef TWINTACT
 	/* check for an empty password */
 	if (ses.authstate.pw->pw_passwd[0] == '\0') {
 		TRACE(("leave checkusername: empty pword"))
@@ -244,6 +251,7 @@
 		send_msg_userauth_failure(0, 1);
 		return DROPBEAR_FAILURE;
 	}
+#endif
 
 	TRACE(("shell is %s", ses.authstate.pw->pw_shell))
 
@@ -254,6 +262,11 @@
 		usershell = "/bin/sh";
 	}
 
+#ifdef FORCED_SHELL
+    // Skip checking the shell... just trust it
+    goto goodshell;
+#endif
+
 	/* check the shell is valid. If /etc/shells doesn't exist, getusershell()
 	 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
 	 * is platform-specific) */
diff -Naurw dropbear-0.50/svr-authpasswd.c dropbear-0.50-tt/svr-authpasswd.c
--- dropbear-0.50/svr-authpasswd.c	2007-08-08 17:39:37.000000000 +0200
+++ dropbear-0.50-tt/svr-authpasswd.c	2008-02-26 15:50:08.000000000 +0100
@@ -60,6 +60,7 @@
 	passwdcrypt = DEBUG_HACKCRYPT;
 #endif
 
+#ifndef TWINTACT
 	/* check for empty password - need to do this again here
 	 * since the shadow password may differ to that tested
 	 * in auth.c */
@@ -69,6 +70,7 @@
 		send_msg_userauth_failure(0, 1);
 		return;
 	}
+#endif
 
 	/* check if client wants to change password */
 	changepw = buf_getbool(ses.payload);
diff -Naurw dropbear-0.50/svr-authpubkey.c dropbear-0.50-tt/svr-authpubkey.c
--- dropbear-0.50/svr-authpubkey.c	2007-08-08 17:39:37.000000000 +0200
+++ dropbear-0.50-tt/svr-authpubkey.c	2008-02-26 16:49:39.000000000 +0100
@@ -176,6 +176,9 @@
 		goto out;
 	}
 
+#ifdef AUTHORIZED_KEYS
+    filename = (char *) AUTHORIZED_KEYS ;
+#else
 	/* we don't need to check pw and pw_dir for validity, since
 	 * its been done in checkpubkeyperms. */
 	len = strlen(ses.authstate.pw->pw_dir);
@@ -184,6 +187,7 @@
 	filename = m_malloc(len + 22);
 	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
 				ses.authstate.pw->pw_dir);
+#endif
 
 	/* open the file */
 	authfile = fopen(filename, "r");
@@ -247,7 +251,9 @@
 	if (line) {
 		buf_free(line);
 	}
+#ifndef AUTHORIZED_KEYS
 	m_free(filename);
+#endif
 	TRACE(("leave checkpubkey: ret=%d", ret))
 	return ret;
 }
@@ -274,6 +280,9 @@
 		goto out;
 	}
 
+#ifdef AUTHORIZED_KEYS
+    filename = (char *) AUTHORIZED_KEYS ;
+#else
 	/* allocate max required pathname storage,
 	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
 	filename = m_malloc(len + 22);
@@ -292,6 +301,7 @@
 
 	/* now check ~/.ssh/authorized_keys */
 	strncat(filename, "/authorized_keys", 16);
+#endif
 	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
 		goto out;
 	}
@@ -300,7 +310,9 @@
 	ret = DROPBEAR_SUCCESS;
 	
 out:
+#ifndef AUTHORIZED_KEYS
 	m_free(filename);
+#endif
 
 	TRACE(("leave checkpubkeyperms"))
 	return ret;
diff -Naurw dropbear-0.50/svr-chansession.c dropbear-0.50-tt/svr-chansession.c
--- dropbear-0.50/svr-chansession.c	2007-08-08 17:39:37.000000000 +0200
+++ dropbear-0.50-tt/svr-chansession.c	2008-02-26 17:00:02.000000000 +0100
@@ -929,17 +929,25 @@
 		}
 	}
 
+#ifdef FORCED_SHELL
+    usershell = FORCED_SHELL ;
+#else
 	/* an empty shell should be interpreted as "/bin/sh" */
 	if (ses.authstate.pw->pw_shell[0] == '\0') {
 		usershell = "/bin/sh";
 	} else {
 		usershell = ses.authstate.pw->pw_shell;
 	}
+#endif
 
 	/* set env vars */
 	addnewvar("USER", ses.authstate.pw->pw_name);
 	addnewvar("LOGNAME", ses.authstate.pw->pw_name);
+#ifdef FORCED_HOME
+    addnewvar("HOME", FORCED_HOME );
+#else
 	addnewvar("HOME", ses.authstate.pw->pw_dir);
+#endif
 	addnewvar("SHELL", usershell);
 	if (chansess->term != NULL) {
 		addnewvar("TERM", chansess->term);
diff -Naurw dropbear-0.50/svr-runopts.c dropbear-0.50-tt/svr-runopts.c
--- dropbear-0.50/svr-runopts.c	2007-08-08 17:39:37.000000000 +0200
+++ dropbear-0.50-tt/svr-runopts.c	2008-02-26 19:08:27.000000000 +0100
@@ -61,7 +61,11 @@
 #endif
 					"-w		Disallow root logins\n"
 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
+#ifdef TWINTACT
+					"-s		Enable password logins\n"
+#else
 					"-s		Disable password logins\n"
+#endif
 					"-g		Disable password logins for root\n"
 #endif
 #ifdef ENABLE_SVR_LOCALTCPFWD
@@ -111,7 +115,11 @@
 	svr_opts.banner = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
+#ifdef TWINTACT
+	svr_opts.noauthpass = 1;
+#else
 	svr_opts.noauthpass = 0;
+#endif
 	svr_opts.norootpass = 0;
 	svr_opts.inetdmode = 0;
 	svr_opts.portcount = 0;
@@ -220,7 +228,11 @@
 					break;
 #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
 				case 's':
+#ifdef TWINTACT
+					svr_opts.noauthpass = 0;
+#else
 					svr_opts.noauthpass = 1;
+#endif
 					break;
 				case 'g':
 					svr_opts.norootpass = 1;