When I looked at `man pam_unix`, I did not see any obvious options that would cause ssh to authenticate without prompting for a password at all, short of setting an empty password which is similar to PermitEmptyPasswords option. However, I am not very familiar with the internals of PAM, so pointers to documentation would be greatly appreciated. Also, I think adding a single line to sshd_config is simpler for most users to do correctly than configuring an alternate PAM stack without breaking their primary sshd setup, which is why I think the patch may still be useful. On Thu, Jun 27, 2024 at 7:57 AM Carson Gaspar <carson@xxxxxxxxxx> wrote: > On 6/26/2024 9:34 PM, Henry Qin wrote: > > Hi folks, > > > > I've recently started to work on a patch for openssh that introduces a > new > > option to disable authentication. > > I'd like to explain why I think this might be generally useful, and > solicit > > opinions on whether such a patch would be acceptable to the maintainers > as > > a pull request. > > Why not just use a different PAM stack? The new release allows > specifying the stack name. This should do what you want with no code > changes using Password / KbdInteractive AuthN. > > -- > > Carson > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev