Noticed the following when browsing around in the OpenEmbedded sources the other day:
ROOTFS_POSTPROCESS_COMMAND += "openssh_allow_empty_password ;"
This allows a blank password for development, which is conveient for running ssh/scp commands to the device. The above can be placed in an image recipe.
The command modifies the PermitEmptyPasswords config option in /etc/ssh/sshd_config or /etc/default/dropbear.