About telnet, ssh, clish, klish in openWrt

It is not required to be authorized to use the connection via Telnet by default. It is enough just to type the following:

$ telnet 192.168.1.100
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
 === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------

BusyBox v1.19.4 (2013-07-08 17:26:11 MSK) built-in shell (ash)
Enter 'help' for a list of built-in commands.
 -----------------------------------------------------
 BARRIER BREAKER (Bleeding Edge, r36822)
 -----------------------------------------------------
  * 1/2 oz Galliano         Pour all ingredients into
  * 4 oz cold Coffee        an irish coffee mug filled
  * 1 1/2 oz Dark Rum       with crushed ice. Stir.
  * 2 tsp. Creme de Cacao
 -----------------------------------------------------

If you want to be authorized in openWrt via telnet, then you need to make changes in the following files:
The file /bin/login.sh should look like this:

#!/bin/sh
# Copyright (C) 2006-2011 OpenWrt.org

if ( ! grep -qs '^root:[!x]\?:' /etc/shadow || \
     ! grep -qs '^root:[!x]\?:' /etc/passwd ) && \
   [ -z "$FAILSAFE" ]
then
	echo "authorized access through telnet"
  busybox login
else
cat << EOF
 === IMPORTANT ============================
  Use 'passwd' to set your login password
 ------------------------------------------
EOF
exec /bin/ash --login
fi

There should be set an option in make menuconfig:

-> Base system 
   -> busybox
     -> Configuration 
        -> Login/Password Management Utilities
        [*] login 

Using the command adduser we can add a new user to the system:

root@OpenWrt:/# adduser guest

Using the command passwd we can set the password for root and for guest:

root@OpenWrt:/# passwd 
Changing password for root
New password: 

After setting a password for root, the start of Telnet will be disabled by starting script etc/init.d/telnet. Therefore the function start can be patched like this:

start() {
		service_start /usr/sbin/telnetd -l /bin/login.sh
}

That's all. After all these operations the authorization via Telnet will look like this:

$ telnet 192.168.1.100
Trying 192.168.1.100...
Connected to 192.168.1.100.
Escape character is '^]'.
authorized access through telnet
OpenWrt login: 

For access via ssh in openWrt we use dropbear server. The user can be connected via ssh from the console as follows:

$ ssh guest@192.168.1.100
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
RSA key fingerprint is 22:bb:9f:3e:47:21:0f:64:7f:57:6b:6c:a1:1b:12:7c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.
guest@192.168.1.100's password: 

Typically, the device access for the guest user needs to be limited by a certain set of commands and the root user gets the unlimited access. Or while root authorization the interpreter /bin/ash is to be run and while guest authorization another shell is to be run.

The utility clish is especially convenient for using as interpreter for the guest user. The clish emulates the CISCO-like command line interface. Special thanks to the man who continued the development of the clish under the title klish.

What should be done to start clish (klish) while guest user authorization via telnet or ssh?

It is nessesary to make changes to the file /etc/passwd for guest user:

guest:x:1000:1000:Linux User,,,:/home/guest:/usr/bin/clish

It is also nessesary to add the utility clish to the list of registered shells in the system. For doing this we should make changes to the file /etc/shells

# cat /etc/shells 
/bin/ash
/usr/bin/clish

Rebooting. As a result, the usual console with the command line will run for the root user and for the guest user clish will run while authorization via telnet or ssh.