- dtucker@cvs.openbsd.org 2008/01/01 09:27:33
[sshd_config.5 servconf.c]
Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
only from the local network. ok markus@, man page bit ok jmc@
diff --git a/ChangeLog b/ChangeLog
index 2b7eb2a..5bd495c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,10 @@
If scp -p encounters a pre-epoch timestamp, use the epoch which is
as close as we can get given that it's used unsigned. Add a little
debugging while there. bz #828, ok djm@
+ - dtucker@cvs.openbsd.org 2008/01/01 09:27:33
+ [sshd_config.5 servconf.c]
+ Allow PermitRootLogin in a Match block. Allows for, eg, permitting root
+ only from the local network. ok markus@, man page bit ok jmc@
20071231
- (dtucker) [configure.ac openbsd-compat/glob.{c,h}] Bug #1407: force use of
@@ -3509,4 +3513,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4814 2008/01/01 09:36:25 dtucker Exp $
+$Id: ChangeLog,v 1.4815 2008/01/01 09:36:56 dtucker Exp $
diff --git a/servconf.c b/servconf.c
index 4e3140f..19c286c 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.174 2007/12/31 10:41:31 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.175 2008/01/01 09:27:33 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -321,7 +321,7 @@
{ "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL },
{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
{ "keyregenerationinterval", sKeyRegenerationTime, SSHCFG_GLOBAL },
- { "permitrootlogin", sPermitRootLogin, SSHCFG_GLOBAL },
+ { "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
{ "loglevel", sLogLevel, SSHCFG_GLOBAL },
{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
@@ -806,7 +806,7 @@
fatal("%s line %d: Bad yes/"
"without-password/forced-commands-only/no "
"argument: %s", filename, linenum, arg);
- if (*intptr == -1)
+ if (*activep && *intptr == -1)
*intptr = value;
break;
@@ -1351,6 +1351,7 @@
M_CP_INTOPT(kerberos_authentication);
M_CP_INTOPT(hostbased_authentication);
M_CP_INTOPT(kbd_interactive_authentication);
+ M_CP_INTOPT(permit_root_login);
M_CP_INTOPT(allow_tcp_forwarding);
M_CP_INTOPT(gateway_ports);
diff --git a/sshd_config.5 b/sshd_config.5
index 3d4afb4..aa6720d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.78 2007/08/23 03:22:16 djm Exp $
-.Dd $Mdocdate: June 11 2007 $
+.\" $OpenBSD: sshd_config.5,v 1.79 2008/01/01 09:27:33 dtucker Exp $
+.Dd $Mdocdate: January 1 2008 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -524,6 +524,7 @@
.Cm KerberosAuthentication ,
.Cm PasswordAuthentication ,
.Cm PermitOpen ,
+.Cm PermitRootLogin ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,