Testing a busybox image and we had noticed an issue where the /etc/shadow file is not being updated. However, dropbear should not be referencing /etc/shadow if the 2nd field is not mark with 'X'. If I remove the broken /etc/shadow file then I'm able to login, but regardless dropbear should not be referencing /etc/shadow if the password field is not set to the character x.

Dropbear always reads /etc/shadow first for a crypt, then falls back to /etc/passwd. I'll update it to handle 'x' specially, I had missed that.