From patchwork Fri Sep 7 22:20:03 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: openssh: allow root login when debug-tweaks is enabled Date: Fri, 07 Sep 2012 22:20:03 -0000 From: Saul Wold X-Patchwork-Id: 36153 Message-Id: <1347056403-19501-1-git-send-email-sgw@linux.intel.com> To: openembedded-core@lists.openembedded.org Cc: Marc Ferland This allows root to login over ssh with an empty password just like dropbear when the debug-tweaks are enabled, it's important to disable debug-tweaks for a production system as this will leave open a security hole! Thanks to Marc for the settings. Cc: Marc Ferland [Yocto #3078] Signed-off-by: Saul Wold --- meta/recipes-connectivity/openssh/openssh_6.0p1.bb | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb index 31202d4..fcd082c 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb @@ -7,7 +7,7 @@ SECTION = "console/network" LICENSE = "BSD" LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" -PR = "r3" +PR = "r4" DEPENDS = "zlib openssl" DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" @@ -75,6 +75,13 @@ do_install_append () { install -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd fi done + for i in ${IMAGE_FEATURES}; + do + if [ ${i} = "debug-tweaks" ]; then + sed -i -e "s/^#PermitRootLogin/PermitRootLogin/" ${D}${sysconfdir}/ssh/sshd_config + sed -i -e "s/^#PermitEmptyPasswords no/PermitEmptyPasswords yes/" ${D}${sysconfdir}/ssh/sshd_config + fi + done install -d ${D}${sysconfdir}/init.d install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin