Re: Proposal to add a DisableAuthentication option to sshd ServerOptions

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



see pam_permit(8)


On Thu, Jun 27, 2024 at 10:37 AM Henry Qin <hq6@xxxxxxxxxxxxxxx> wrote:
>
> When I  looked at `man pam_unix`, I did not see any obvious options that
> would
> cause ssh to authenticate without prompting for a password at all, short of
> setting an empty password which is similar to PermitEmptyPasswords option.
>
> However, I am not very familiar with the internals of PAM, so pointers to
> documentation would be greatly appreciated.
>
> Also, I think adding a single line to sshd_config is simpler for most users
> to
> do correctly than configuring an alternate PAM stack without breaking their
> primary sshd setup, which is why I think the patch may still be useful.
>
> On Thu, Jun 27, 2024 at 7:57 AM Carson Gaspar <carson@xxxxxxxxxx> wrote:
>
> > On 6/26/2024 9:34 PM, Henry Qin wrote:
> > > Hi folks,
> > >
> > > I've recently started to work on a patch for openssh that introduces a
> > new
> > > option to disable authentication.
> > > I'd like to explain why I think this might be generally useful, and
> > solicit
> > > opinions on whether such a patch would be acceptable to the maintainers
> > as
> > > a pull request.
> >
> > Why not just use a different PAM stack? The new release allows
> > specifying the stack name. This should do what you want with no code
> > changes using Password / KbdInteractive AuthN.
> >
> > --
> >
> > Carson
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev@xxxxxxxxxxx
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux