openssh: fix login fails for ssh -o Batchmode=yes with empty passwords

The patch fixes the login fails for ssh -o Batchmode=yes when passwords is empty and without authorized_keys file even if set "PermitEmptyPasswords yes" in sshd_config file. Here, to fix this issue, we remove the file auth2-none.c-avoid-authenticate- empty-passwords-to-m.patch, that fixed broken pipe while sshd with pam, but it isn't needed any more now, because we make it has gone by change ChallengeResponseAuthentication value in sshd_config file. (From OE-Core rev: f879a7406d8fce37e8baf5fe724d7ed0042d57f8) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-30 18:17:39 +08:00 · 2015-04-30 18:17:39 +08:00 · 90972c9518
parent aa2b6362ef
commit 90972c9518
3 changed files with 2 additions and 33 deletions
--- a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
+++ b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
@ -1,30 +0,0 @@
-Upstream-Status: Pending
-
-Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM
-
-If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon
-will try to authenticate an empty password, resulting in login failures of any user.
-If PAM is enabled, then we should leave the task of password authentication to PAM.
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
---
- auth2-none.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/auth2-none.c b/auth2-none.c
-index c8c6c74..b48b2fd 100644
--- a/auth2-none.c
-+++ b/auth2-none.c
-@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
- {
- 	none_enabled = 0;
- 	packet_check_eom();
-	if (options.permit_empty_passwd && options.password_authentication)
-+	if (options.permit_empty_passwd && options.password_authentication && !options.use_pam)
- 		return (PRIVSEP(auth_password(authctxt, "")));
- 	return (0);
- }
-- 
-1.7.9.5
-
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@ -73,7 +73,7 @@ AuthorizedKeysFile .ssh/authorized_keys
 #PermitEmptyPasswords no

 # Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no

 # Kerberos options
 #KerberosAuthentication no
--- a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
@ -20,8 +20,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
           file://sshdgenkeys.service \
           file://volatiles.99_sshd \
           file://add-test-support-for-busybox.patch \
-           file://run-ptest \
-           file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch"
+           file://run-ptest"

 PAM_SRC_URI = "file://sshd"