forked from pool/openssh
96 lines
3.4 KiB
Diff
96 lines
3.4 KiB
Diff
|
# HG changeset patch
|
||
|
|
# Parent 3bf0158be93bd08d60a30a320650ea7f9844ef50
|
||
|
|
Allow root login with password by default. While less secure than upstream
|
||
|
|
default of forbidding access to the root account with a password, we are
|
||
|
|
temporarily introducing this change to keep the default used in older OpenSSH
|
||
|
|
versions shipped with SLE.
|
||
|
|
|
||
|
|
diff --git a/openssh-7.7p1/servconf.c b/openssh-7.7p1/servconf.c
|
||
|
|
--- openssh-7.7p1/servconf.c
|
||
|
|
+++ openssh-7.7p1/servconf.c
|
||
|
|
@@ -265,17 +265,17 @@ fill_default_server_options(ServerOption
|
||
|
|
options->address_family = AF_UNSPEC;
|
||
|
|
if (options->listen_addrs == NULL)
|
||
|
|
add_listen_addr(options, NULL, NULL, 0);
|
||
|
|
if (options->pid_file == NULL)
|
||
|
|
options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
|
||
|
|
if (options->login_grace_time == -1)
|
||
|
|
options->login_grace_time = 120;
|
||
|
|
if (options->permit_root_login == PERMIT_NOT_SET)
|
||
|
|
- options->permit_root_login = PERMIT_NO_PASSWD;
|
||
|
|
+ options->permit_root_login = PERMIT_YES;
|
||
|
|
if (options->ignore_rhosts == -1)
|
||
|
|
options->ignore_rhosts = 1;
|
||
|
|
if (options->ignore_user_known_hosts == -1)
|
||
|
|
options->ignore_user_known_hosts = 0;
|
||
|
|
if (options->print_motd == -1)
|
||
|
|
options->print_motd = 1;
|
||
|
|
if (options->print_lastlog == -1)
|
||
|
|
options->print_lastlog = 1;
|
||
|
|
diff --git a/openssh-7.7p1/sshd_config b/openssh-7.7p1/sshd_config
|
||
|
|
--- openssh-7.7p1/sshd_config
|
||
|
|
+++ openssh-7.7p1/sshd_config
|
||
|
|
@@ -24,17 +24,17 @@
|
||
|
|
|
||
|
|
# Logging
|
||
|
|
#SyslogFacility AUTH
|
||
|
|
#LogLevel INFO
|
||
|
|
|
||
|
|
# Authentication:
|
||
|
|
|
||
|
|
#LoginGraceTime 2m
|
||
|
|
-#PermitRootLogin prohibit-password
|
||
|
|
+#PermitRootLogin yes
|
||
|
|
#StrictModes yes
|
||
|
|
#MaxAuthTries 6
|
||
|
|
#MaxSessions 10
|
||
|
|
|
||
|
|
#PubkeyAuthentication yes
|
||
|
|
|
||
|
|
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
|
||
|
|
# but this is overridden so installations will only check .ssh/authorized_keys
|
||
|
|
diff --git a/openssh-7.7p1/sshd_config.0 b/openssh-7.7p1/sshd_config.0
|
||
|
|
--- openssh-7.7p1/sshd_config.0
|
||
|
|
+++ openssh-7.7p1/sshd_config.0
|
||
|
|
@@ -709,17 +709,17 @@ DESCRIPTION
|
||
|
|
none can be used to prohibit all forwarding requests. The
|
||
|
|
wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or
|
||
|
|
ports, respectively. By default all port forwarding requests are
|
||
|
|
permitted.
|
||
|
|
|
||
|
|
PermitRootLogin
|
||
|
|
Specifies whether root can log in using ssh(1). The argument
|
||
|
|
must be yes, prohibit-password, forced-commands-only, or no. The
|
||
|
|
- default is prohibit-password.
|
||
|
|
+ default is yes.
|
||
|
|
|
||
|
|
If this option is set to prohibit-password (or its deprecated
|
||
|
|
alias, without-password), password and keyboard-interactive
|
||
|
|
authentication are disabled for root.
|
||
|
|
|
||
|
|
If this option is set to forced-commands-only, root login with
|
||
|
|
public key authentication will be allowed, but only if the
|
||
|
|
command option has been specified (which may be useful for taking
|
||
|
|
diff --git a/openssh-7.7p1/sshd_config.5 b/openssh-7.7p1/sshd_config.5
|
||
|
|
--- openssh-7.7p1/sshd_config.5
|
||
|
|
+++ openssh-7.7p1/sshd_config.5
|
||
|
|
@@ -1220,17 +1220,17 @@ Specifies whether root can log in using
|
||
|
|
.Xr ssh 1 .
|
||
|
|
The argument must be
|
||
|
|
.Cm yes ,
|
||
|
|
.Cm prohibit-password ,
|
||
|
|
.Cm forced-commands-only ,
|
||
|
|
or
|
||
|
|
.Cm no .
|
||
|
|
The default is
|
||
|
|
-.Cm prohibit-password .
|
||
|
|
+.Cm yes .
|
||
|
|
.Pp
|
||
|
|
If this option is set to
|
||
|
|
.Cm prohibit-password
|
||
|
|
(or its deprecated alias,
|
||
|
|
.Cm without-password ) ,
|
||
|
|
password and keyboard-interactive authentication are disabled for root.
|
||
|
|
.Pp
|
||
|
|
If this option is set to
|