On 10/14/13 6:09 AM, Koen Kooi wrote:
Op 14 okt. 2013, om 12:37 heeft Paul Eggleton <[email protected]>
het volgende geschreven:
On Monday 14 October 2013 12:09:37 Koen Kooi wrote:
Currently both PAM and dropbear allow logins with empty passwords, but
openssh doesn't. This commit changes the default in openssh to allow
empty password logins.
This should be changed to be a global config option in the long run.
Signed-off-by: Koen Kooi <[email protected]>
---
meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config
b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config index
4f9b626..175e8f3 100644
--- a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd_config
@@ -59,7 +59,7 @@ Protocol 2
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
-#PermitEmptyPasswords no
+PermitEmptyPasswords yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
We do already have logic in image.bbclass to set this based upon debug-tweaks
being in IMAGE_FEATURES; is that not working for you?
I haven't tried that, but that still doesn't fix the inconsistency issues and
presents problems during package upgrades.
If the behavior is inconsistent, then the fix should be to PAM, dropbear and the
debug-tweaks. (I'm really wondering if this behavior should be able to be run
w/o the rest of the debug-tweaks.)
But the default, for security purposes, should be no root login.
--Mark
regards,
Koen
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
