see pam_permit(8) On Thu, Jun 27, 2024 at 10:37 AM Henry Qin <hq6@xxxxxxxxxxxxxxx> wrote: > > When I looked at `man pam_unix`, I did not see any obvious options that > would > cause ssh to authenticate without prompting for a password at all, short of > setting an empty password which is similar to PermitEmptyPasswords option. > > However, I am not very familiar with the internals of PAM, so pointers to > documentation would be greatly appreciated. > > Also, I think adding a single line to sshd_config is simpler for most users > to > do correctly than configuring an alternate PAM stack without breaking their > primary sshd setup, which is why I think the patch may still be useful. > > On Thu, Jun 27, 2024 at 7:57 AM Carson Gaspar <carson@xxxxxxxxxx> wrote: > > > On 6/26/2024 9:34 PM, Henry Qin wrote: > > > Hi folks, > > > > > > I've recently started to work on a patch for openssh that introduces a > > new > > > option to disable authentication. > > > I'd like to explain why I think this might be generally useful, and > > solicit > > > opinions on whether such a patch would be acceptable to the maintainers > > as > > > a pull request. > > > > Why not just use a different PAM stack? The new release allows > > specifying the stack name. This should do what you want with no code > > changes using Password / KbdInteractive AuthN. > > > > -- > > > > Carson > > > > _______________________________________________ > > openssh-unix-dev mailing list > > openssh-unix-dev@xxxxxxxxxxx > > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev