- djm@cvs.openbsd.org 2007/08/23 03:22:16
[auth2-none.c sshd_config sshd_config.5]
Support "Banner=none" to disable displaying of the pre-login banner;
ok dtucker@ deraadt@
diff --git a/ChangeLog b/ChangeLog
index 348f7c1..9724473 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,10 @@
[auth.h]
login_cap.h doesn't belong here
NB. RCS ID sync only for portable
+ - djm@cvs.openbsd.org 2007/08/23 03:22:16
+ [auth2-none.c sshd_config sshd_config.5]
+ Support "Banner=none" to disable displaying of the pre-login banner;
+ ok dtucker@ deraadt@
20070914
- (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
@@ -3209,4 +3213,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4745 2007/09/17 01:55:25 djm Exp $
+$Id: ChangeLog,v 1.4746 2007/09/17 01:57:38 djm Exp $
diff --git a/auth2-none.c b/auth2-none.c
index 952b448..28e593e 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.14 2007/08/23 03:22:16 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -32,6 +32,7 @@
#include <fcntl.h>
#include <stdarg.h>
#include <unistd.h>
+#include <string.h>
#include "xmalloc.h"
#include "key.h"
@@ -106,7 +107,9 @@
{
char *banner = NULL;
- if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
+ if (options.banner == NULL ||
+ strcasecmp(options.banner, "none") == 0 ||
+ (datafellows & SSH_BUG_BANNER) != 0)
return;
if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
diff --git a/sshd_config b/sshd_config
index 3393cec..c7094e7 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
+# $OpenBSD: sshd_config,v 1.76 2007/08/23 03:22:16 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -104,7 +104,7 @@
#PermitTunnel no
# no default banner path
-#Banner /some/path
+#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
diff --git a/sshd_config.5 b/sshd_config.5
index 2a283ea..3d4afb4 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.77 2007/06/08 07:48:09 jmc Exp $
-.Dd $Mdocdate: June 8 2007 $
+.\" $OpenBSD: sshd_config.5,v 1.78 2007/08/23 03:22:16 djm Exp $
+.Dd $Mdocdate: June 11 2007 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -159,10 +159,11 @@
The default is
.Dq .ssh/authorized_keys .
.It Cm Banner
-In some jurisdictions, sending a warning message before authentication
-may be relevant for getting legal protection.
The contents of the specified file are sent to the remote user before
authentication is allowed.
+If the argument is
+.Dq none
+then no banner is displayed.
This option is only available for protocol version 2.
By default, no banner is displayed.
.It Cm ChallengeResponseAuthentication