Dirk Mueller
f2379e82ce
- Only for SLE15, restore the patch file removed in Thu Feb 18 13:54:44 UTC 2021 to restore the previous behaviour from SP5 of having root password login allowed by default (fixes bsc#1223486, related to bsc#1173067): * openssh-7.7p1-allow_root_password_login.patch - Since the default value for this config option is now set to permit root to use password logins in SLE15, the openssh-server-config-rootlogin subpackage isn't useful there so we now create an openssh-server-config-disallow-rootlogin subpackage that sets the configuration the other way around than openssh-server-config-rootlogin. OBS-URL: https://build.opensuse.org/request/show/1173783 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=266
60 lines
2.1 KiB
Diff
60 lines
2.1 KiB
Diff
# HG changeset patch
|
|
# Parent af43d436bc7fe818dd976c923ad99b89051eb299
|
|
Allow root login with password by default. While less secure than upstream
|
|
default of forbidding access to the root account with a password, we are
|
|
temporarily introducing this change to keep the default used in older OpenSSH
|
|
versions shipped with SLE.
|
|
|
|
Index: openssh-8.4p1/servconf.c
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/servconf.c
|
|
+++ openssh-8.4p1/servconf.c
|
|
@@ -329,7 +329,7 @@ fill_default_server_options(ServerOption
|
|
if (options->login_grace_time == -1)
|
|
options->login_grace_time = 120;
|
|
if (options->permit_root_login == PERMIT_NOT_SET)
|
|
- options->permit_root_login = PERMIT_NO_PASSWD;
|
|
+ options->permit_root_login = PERMIT_YES;
|
|
if (options->ignore_rhosts == -1)
|
|
options->ignore_rhosts = 1;
|
|
if (options->ignore_user_known_hosts == -1)
|
|
Index: openssh-8.4p1/sshd_config
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/sshd_config
|
|
+++ openssh-8.4p1/sshd_config
|
|
@@ -29,7 +29,7 @@
|
|
# Authentication:
|
|
|
|
#LoginGraceTime 2m
|
|
-#PermitRootLogin prohibit-password
|
|
+PermitRootLogin yes
|
|
#StrictModes yes
|
|
#MaxAuthTries 6
|
|
#MaxSessions 10
|
|
Index: openssh-8.4p1/sshd_config.0
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/sshd_config.0
|
|
+++ openssh-8.4p1/sshd_config.0
|
|
@@ -778,7 +778,7 @@ DESCRIPTION
|
|
PermitRootLogin
|
|
Specifies whether root can log in using ssh(1). The argument
|
|
must be yes, prohibit-password, forced-commands-only, or no. The
|
|
- default is prohibit-password.
|
|
+ default is yes.
|
|
|
|
If this option is set to prohibit-password (or its deprecated
|
|
alias, without-password), password and keyboard-interactive
|
|
Index: openssh-8.4p1/sshd_config.5
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/sshd_config.5
|
|
+++ openssh-8.4p1/sshd_config.5
|
|
@@ -1331,7 +1331,7 @@ The argument must be
|
|
or
|
|
.Cm no .
|
|
The default is
|
|
-.Cm prohibit-password .
|
|
+.Cm yes .
|
|
.Pp
|
|
If this option is set to
|
|
.Cm prohibit-password
|