[oe-commits] Wenlin Kang : openssh: fix login fails for ssh -o Batchmode= yes with empty passwords
git at git.openembedded.org
git at git.openembedded.org
Fri May 1 16:09:41 UTC 2015
Module: openembedded-core.git
Branch: master-next
Commit: 7028dd62858a62d8d64d5e1f52b0d9501a58f67b
URL: http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=7028dd62858a62d8d64d5e1f52b0d9501a58f67b
Author: Wenlin Kang <wenlin.kang at windriver.com>
Date: Thu Apr 30 18:17:39 2015 +0800
openssh: fix login fails for ssh -o Batchmode=yes with empty passwords
The patch fixes the login fails for ssh -o Batchmode=yes when passwords is
empty and without authorized_keys file even if set "PermitEmptyPasswords yes"
in sshd_config file.
Here, to fix this issue, we remove the file auth2-none.c-avoid-authenticate-
empty-passwords-to-m.patch, that fixed broken pipe while sshd with pam,
but it isn't needed any more now, because we make it has gone by change
ChallengeResponseAuthentication value in sshd_config file.
Signed-off-by: Wenlin Kang <wenlin.kang at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
---
...c-avoid-authenticate-empty-passwords-to-m.patch | 30 ----------------------
.../openssh/openssh/sshd_config | 2 +-
meta/recipes-connectivity/openssh/openssh_6.8p1.bb | 3 +--
3 files changed, 2 insertions(+), 33 deletions(-)
diff --git a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
deleted file mode 100644
index ba13cd1..0000000
--- a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Upstream-Status: Pending
-
-Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM
-
-If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon
-will try to authenticate an empty password, resulting in login failures of any user.
-If PAM is enabled, then we should leave the task of password authentication to PAM.
-
-Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
-
----
- auth2-none.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/auth2-none.c b/auth2-none.c
-index c8c6c74..b48b2fd 100644
---- a/auth2-none.c
-+++ b/auth2-none.c
-@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
- {
- none_enabled = 0;
- packet_check_eom();
-- if (options.permit_empty_passwd && options.password_authentication)
-+ if (options.permit_empty_passwd && options.password_authentication && !options.use_pam)
- return (PRIVSEP(auth_password(authctxt, "")));
- return (0);
- }
---
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index 3553669..d48bd2b 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -73,7 +73,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
diff --git a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
index 8e07e00..b00ef6f 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
@@ -20,8 +20,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
file://sshdgenkeys.service \
file://volatiles.99_sshd \
file://add-test-support-for-busybox.patch \
- file://run-ptest \
- file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch"
+ file://run-ptest"
PAM_SRC_URI = "file://sshd"
More information about the Openembedded-commits
mailing list