[OE-core] [PATCH] openssh: allow root login when debug-tweaks is enabled
Saul Wold
sgw at linux.intel.com
Fri Sep 7 18:17:29 UTC 2012
This allows root to login over ssh with an empty password just like
dropbear when the debug-tweaks are enabled, it's important to disable
debug-tweaks for a production system as this will leave open a security
hole!
Thanks to Marc for the settings.
Cc: Marc Ferland <marc.ferland at gmail.com>
[Yocto #3078]
Signed-off-by: Saul Wold <sgw at linux.intel.com>
---
meta/recipes-connectivity/openssh/openssh_6.0p1.bb | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
index 31202d4..fcd082c 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
@@ -7,7 +7,7 @@ SECTION = "console/network"
LICENSE = "BSD"
LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
-PR = "r3"
+PR = "r4"
DEPENDS = "zlib openssl"
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -75,6 +75,13 @@ do_install_append () {
install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
fi
done
+ for i in ${IMAGE_FEATURES};
+ do
+ if [ ${i} = "debug-tweaks" ]; then
+ sed -i -e "s/^#PermitRootLogin/PermitRootLogin/" ${D}${sysconfdir}/ssh/sshd_config
+ sed -i -e "s/^#PermitEmptyPasswords no/PermitEmptyPasswords yes/" ${D}${sysconfdir}/ssh/sshd_config
+ fi
+ done
install -d ${D}${sysconfdir}/init.d
install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
--
1.7.7.6
More information about the Openembedded-core
mailing list