diff options
author | Wenlin Kang <wenlin.kang@windriver.com> | 2015-04-30 18:17:39 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-05-03 11:39:47 +0100 |
commit | f879a7406d8fce37e8baf5fe724d7ed0042d57f8 (patch) | |
tree | 099940372ef500327d3a09c9aafcbb79e8598151 | |
parent | 1bb2c58ef7de3a1d52b4a29ca3cc230defe6c21d (diff) | |
download | openembedded-core-f879a7406d8fce37e8baf5fe724d7ed0042d57f8.tar.gz openembedded-core-f879a7406d8fce37e8baf5fe724d7ed0042d57f8.tar.bz2 openembedded-core-f879a7406d8fce37e8baf5fe724d7ed0042d57f8.zip |
openssh: fix login fails for ssh -o Batchmode=yes with empty passwords
The patch fixes the login fails for ssh -o Batchmode=yes when passwords is
empty and without authorized_keys file even if set "PermitEmptyPasswords yes"
in sshd_config file.
Here, to fix this issue, we remove the file auth2-none.c-avoid-authenticate-
empty-passwords-to-m.patch, that fixed broken pipe while sshd with pam,
but it isn't needed any more now, because we make it has gone by change
ChallengeResponseAuthentication value in sshd_config file.
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
3 files changed, 2 insertions, 33 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch deleted file mode 100644 index ba13cd1919..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Pending - -Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM - -If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon -will try to authenticate an empty password, resulting in login failures of any user. -If PAM is enabled, then we should leave the task of password authentication to PAM. - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> - ---- - auth2-none.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/auth2-none.c b/auth2-none.c -index c8c6c74..b48b2fd 100644 ---- a/auth2-none.c -+++ b/auth2-none.c -@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt) - { - none_enabled = 0; - packet_check_eom(); -- if (options.permit_empty_passwd && options.password_authentication) -+ if (options.permit_empty_passwd && options.password_authentication && !options.use_pam) - return (PRIVSEP(auth_password(authctxt, ""))); - return (0); - } --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 3553669aa0..d48bd2b98d 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config @@ -73,7 +73,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitEmptyPasswords no # Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no diff --git a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb index 8e07e00029..b00ef6f835 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb @@ -20,8 +20,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. file://sshdgenkeys.service \ file://volatiles.99_sshd \ file://add-test-support-for-busybox.patch \ - file://run-ptest \ - file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch" + file://run-ptest" PAM_SRC_URI = "file://sshd" |