3 files changed, 2 insertions, 33 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
deleted file mode 100644
index ba13cd1919..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Upstream-Status: Pending
-Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM
-If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon
-will try to authenticate an empty password, resulting in login failures of any user.
-If PAM is enabled, then we should leave the task of password authentication to PAM.
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
- auth2-none.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/auth2-none.c b/auth2-none.c
-index c8c6c74..b48b2fd 100644
--- a/auth2-none.c
-+++ b/auth2-none.c
-@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
- {
-        none_enabled = 0;
-        packet_check_eom();
-       if (options.permit_empty_passwd && options.password_authentication)
-+       if (options.permit_empty_passwd && options.password_authentication && !options.use_pam)
-                return (PRIVSEP(auth_password(authctxt, "")));
-        return (0);
- }
-- 
-1.7.9.5
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index 3553669aa0..d48bd2b98d 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -73,7 +73,7 @@ AuthorizedKeysFile .ssh/authorized_keys
 #PermitEmptyPasswords no
 # Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
 # Kerberos options
 #KerberosAuthentication no
diff --git a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
index 8e07e00029..b00ef6f835 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
@@ -20,8 +20,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
           file://sshdgenkeys.service \
           file://volatiles.99_sshd \
           file://add-test-support-for-busybox.patch \
-           file://run-ptest \
+           file://run-ptest"
-           file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch"
 PAM_SRC_URI = "file://sshd"

diff --git a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch deleted file mode 100644 index ba13cd1919..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch +++ /dev/null
@@ -1,30 +0,0 @@
1	Upstream-Status: Pending
2
3	Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM
4
5	If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon
6	will try to authenticate an empty password, resulting in login failures of any user.
7	If PAM is enabled, then we should leave the task of password authentication to PAM.
8
9	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
10
11	---
12	auth2-none.c \| 2 +-
13	1 file changed, 1 insertion(+), 1 deletion(-)
14
15	diff --git a/auth2-none.c b/auth2-none.c
16	index c8c6c74..b48b2fd 100644
17	--- a/auth2-none.c
18	+++ b/auth2-none.c
19	@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
20	{
21	none_enabled = 0;
22	packet_check_eom();
23	- if (options.permit_empty_passwd && options.password_authentication)
24	+ if (options.permit_empty_passwd && options.password_authentication && !options.use_pam)
25	return (PRIVSEP(auth_password(authctxt, "")));
26	return (0);
27	}
28	--
29	1.7.9.5
30


diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 3553669aa0..d48bd2b98d 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -73,7 +73,7 @@ AuthorizedKeysFile .ssh/authorized_keys
73	#PermitEmptyPasswords no	73	#PermitEmptyPasswords no
74		74
75	# Change to no to disable s/key passwords	75	# Change to no to disable s/key passwords
76	#ChallengeResponseAuthentication yes	76	ChallengeResponseAuthentication no
77		77
78	# Kerberos options	78	# Kerberos options
79	#KerberosAuthentication no	79	#KerberosAuthentication no


diff --git a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb index 8e07e00029..b00ef6f835 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.8p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.8p1.bb
@@ -20,8 +20,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
20	file://sshdgenkeys.service \	20	file://sshdgenkeys.service \
21	file://volatiles.99_sshd \	21	file://volatiles.99_sshd \
22	file://add-test-support-for-busybox.patch \	22	file://add-test-support-for-busybox.patch \
23	file://run-ptest \	23	file://run-ptest"
24	file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch"
25		24
26	PAM_SRC_URI = "file://sshd"	25	PAM_SRC_URI = "file://sshd"
27		26