From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paul Eggleton
To: Koen Kooi
Cc: openembedded-core@lists.openembedded.org
Date: Mon, 14 Oct 2013 12:27:45 +0100
Subject: Re: [PATCHv2] openssh: allow login with empty password
Message-ID: <3629318.cbsHQ1o6XL@helios>
References: <1381745377-6129-1-git-send-email-koen@dominion.thruhere.net> <2930108.6fy5UNzbWP@helios>
Organization: Intel Corporation
List-Id: Patches and discussions about the oe-core layer

On Monday 14 October 2013 13:09:55 Koen Kooi wrote:
> On 14 Oct 2013, at 12:37, Paul Eggleton wrote the following:
> > On Monday 14 October 2013 12:09:37 Koen Kooi wrote:
> >> Currently both PAM and dropbear allow logins with empty passwords, but
> >> openssh doesn't. This commit changes the default in openssh to allow
> >> empty password logins.
> >>
> >> This should be changed to be a global config option in the long run.
> >>
> >> Signed-off-by: Koen Kooi
> >> ---
> >> meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >> > >> diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config > >> b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config index > >> 4f9b626..175e8f3 100644 > >> --- a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config > >> +++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config > >> @@ -59,7 +59,7 @@ Protocol 2 > >> > >> # To disable tunneled clear text passwords, change to no here! > >> #PasswordAuthentication yes > >> -#PermitEmptyPasswords no > >> +PermitEmptyPasswords yes > >> > >> # Change to no to disable s/key passwords > >> #ChallengeResponseAuthentication yes > > > > We do already have logic in image.bbclass to set this based upon > > debug-tweaks being in IMAGE_FEATURES; is that not working for you? > > I haven't tried that, but that still doesn't fix the inconsistency issues > and presents problems during package upgrades. It shouldn't be an issue for package upgrades - ${sysconfdir}/ssh/sshd_config is included in CONFFILES for openssh-sshd. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre
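
Review bot: The `+PermitEmptyPasswords yes` line in the `@@ -59,7 +59,7 @@` hunk makes empty-password login the unconditional default in the sshd_config this recipe ships, so it applies to every image that installs the file, not only to development images. With `#PasswordAuthentication yes` left at its default just above, any account with an empty password becomes reachable over SSH. Consider keeping the shipped default as `#PermitEmptyPasswords no` and relying on the `debug-tweaks` handling in image.bbclass that the reply mentions, or gating the value on the global config option the commit message itself proposes, so that the permissive setting is an explicit opt-in. If the line does stay, it should carry a comment in sshd_config saying why the upstream default was overridden, since the hunk adds none.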