If you lookup your /tmp/etc/shadow you see that all accounts have
The last two fields that contain zeros are
7th field controls Inactive state : The number of days after password expires that account is disabled
8th filed controls Expire state : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.
DON'T put a zero in the 7yh/8th filed,which tomatousb does,on full linux system account will be treated as expired/inactive.
I don't know why dropbear does not recognize this. But if you try to install postfix/cyrus with cyrus-sasl sasl auth will surely do recognize that all acounts are expired. I don't know how many more optwares do recognize this account expiration.
I would like to request developers correct this in source code,or if someone points me to the script in source making shadow file I correct this to conform to linux standard.