Antonio Larrosa
fef1b16e66
commented out). The keycat binary isn't really installed nor supported, so we can drop it, except for the code that is used by other SELinux patches, which is what I kept from that patch (boo#1229072). - Add patch submitted to upstream to fix RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (boo#1229010). * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
60 lines
2.1 KiB
Diff
60 lines
2.1 KiB
Diff
# HG changeset patch
|
|
# Parent af43d436bc7fe818dd976c923ad99b89051eb299
|
|
Allow root login with password by default. While less secure than upstream
|
|
default of forbidding access to the root account with a password, we are
|
|
temporarily introducing this change to keep the default used in older OpenSSH
|
|
versions shipped with SLE.
|
|
|
|
Index: openssh-8.4p1/servconf.c
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/servconf.c
|
|
+++ openssh-8.4p1/servconf.c
|
|
@@ -329,7 +329,7 @@ fill_default_server_options(ServerOption
|
|
if (options->login_grace_time == -1)
|
|
options->login_grace_time = 120;
|
|
if (options->permit_root_login == PERMIT_NOT_SET)
|
|
- options->permit_root_login = PERMIT_NO_PASSWD;
|
|
+ options->permit_root_login = PERMIT_YES;
|
|
if (options->ignore_rhosts == -1)
|
|
options->ignore_rhosts = 1;
|
|
if (options->ignore_user_known_hosts == -1)
|
|
Index: openssh-8.4p1/sshd_config
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/sshd_config
|
|
+++ openssh-8.4p1/sshd_config
|
|
@@ -29,7 +29,7 @@
|
|
# Authentication:
|
|
|
|
#LoginGraceTime 2m
|
|
-#PermitRootLogin prohibit-password
|
|
+PermitRootLogin yes
|
|
#StrictModes yes
|
|
#MaxAuthTries 6
|
|
#MaxSessions 10
|
|
Index: openssh-8.4p1/sshd_config.0
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/sshd_config.0
|
|
+++ openssh-8.4p1/sshd_config.0
|
|
@@ -778,7 +778,7 @@ DESCRIPTION
|
|
PermitRootLogin
|
|
Specifies whether root can log in using ssh(1). The argument
|
|
must be yes, prohibit-password, forced-commands-only, or no. The
|
|
- default is prohibit-password.
|
|
+ default is yes.
|
|
|
|
If this option is set to prohibit-password (or its deprecated
|
|
alias, without-password), password and keyboard-interactive
|
|
Index: openssh-8.4p1/sshd_config.5
|
|
===================================================================
|
|
--- openssh-8.4p1.orig/sshd_config.5
|
|
+++ openssh-8.4p1/sshd_config.5
|
|
@@ -1331,7 +1331,7 @@ The argument must be
|
|
or
|
|
.Cm no .
|
|
The default is
|
|
-.Cm prohibit-password .
|
|
+.Cm yes .
|
|
.Pp
|
|
If this option is set to
|
|
.Cm prohibit-password
|