upstream commit add prohibit-password as a synonymn for without-password, since the without-password is causing too many questions. Harden it to ban all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from djm, ok markus Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a

commit: 1dc8d93ce69d6565747eb44446ed117187621b26 [log] [tgz]
author: deraadt@openbsd.org <deraadt@openbsd.org> Thu Aug 06 14:53:21 2015 +0000
committer: Damien Miller <djm@mindrot.org> Tue Aug 11 18:57:29 2015 +1000
tree: 68e850b1c037c7d744836000527320d11b143168
parent: 90a95a4745a531b62b81ce3b025e892bdc434de5 [diff] [blame]
diff --git a/servconf.c b/servconf.c
index f06e174..6c7a91e 100644
--- a/servconf.c
+++ b/servconf.c

@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.279 2015/07/31 15:38:09 chris Exp $ */
+/* $OpenBSD: servconf.c,v 1.280 2015/08/06 14:53:21 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -916,6 +916,7 @@
 };
 static const struct multistate multistate_permitrootlogin[] = {
 	{ "without-password",		PERMIT_NO_PASSWD },
+	{ "prohibit-password",		PERMIT_NO_PASSWD },
 	{ "forced-commands-only",	PERMIT_FORCED_ONLY },
 	{ "yes",			PERMIT_YES },
 	{ "no",				PERMIT_NO },
commit	1dc8d93ce69d6565747eb44446ed117187621b26	[log] [tgz]
author	deraadt@openbsd.org <deraadt@openbsd.org>	Thu Aug 06 14:53:21 2015 +0000
committer	Damien Miller <djm@mindrot.org>	Tue Aug 11 18:57:29 2015 +1000
tree	68e850b1c037c7d744836000527320d11b143168
parent	90a95a4745a531b62b81ce3b025e892bdc434de5 [diff] [blame]