From f879a7406d8fce37e8baf5fe724d7ed0042d57f8 Mon Sep 17 00:00:00 2001 From: Wenlin Kang Date: Thu, 30 Apr 2015 18:17:39 +0800 Subject: openssh: fix login fails for ssh -o Batchmode=yes with empty passwords The patch fixes the login fails for ssh -o Batchmode=yes when passwords is empty and without authorized_keys file even if set "PermitEmptyPasswords yes" in sshd_config file. Here, to fix this issue, we remove the file auth2-none.c-avoid-authenticate- empty-passwords-to-m.patch, that fixed broken pipe while sshd with pam, but it isn't needed any more now, because we make it has gone by change ChallengeResponseAuthentication value in sshd_config file. Signed-off-by: Wenlin Kang Signed-off-by: Richard Purdie --- ...c-avoid-authenticate-empty-passwords-to-m.patch | 30 ---------------------- .../openssh/openssh/sshd_config | 2 +- meta/recipes-connectivity/openssh/openssh_6.8p1.bb | 3 +-- 3 files changed, 2 insertions(+), 33 deletions(-) delete mode 100644 meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch diff --git a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch deleted file mode 100644 index ba13cd1919..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Pending - -Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM - -If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon -will try to authenticate an empty password, resulting in login failures of any user. -If PAM is enabled, then we should leave the task of password authentication to PAM. - -Signed-off-by: Chen Qi - ---- - auth2-none.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/auth2-none.c b/auth2-none.c -index c8c6c74..b48b2fd 100644 ---- a/auth2-none.c -+++ b/auth2-none.c -@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt) - { - none_enabled = 0; - packet_check_eom(); -- if (options.permit_empty_passwd && options.password_authentication) -+ if (options.permit_empty_passwd && options.password_authentication && !options.use_pam) - return (PRIVSEP(auth_password(authctxt, ""))); - return (0); - } --- -1.7.9.5 - diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 3553669aa0..d48bd2b98d 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config @@ -73,7 +73,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PermitEmptyPasswords no # Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no diff --git a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb index 8e07e00029..b00ef6f835 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb @@ -20,8 +20,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. file://sshdgenkeys.service \ file://volatiles.99_sshd \ file://add-test-support-for-busybox.patch \ - file://run-ptest \ - file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch" + file://run-ptest" PAM_SRC_URI = "file://sshd" -- cgit 1.2.3-korg