upstream commitV_7_0_P1 V_7_0

add prohibit-password as a synonymn for without-password, since the without-password is causing too many questions. Harden it to ban all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from djm, ok markus Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
author: deraadt@openbsd.org <deraadt@openbsd.org> 2015-08-06 14:53:21 +0000
committer: Damien Miller <djm@mindrot.org> 2015-08-11 18:57:29 +1000
commit: 1dc8d93ce69d6565747eb44446ed117187621b26 (patch)
tree: 68e850b1c037c7d744836000527320d11b143168 /servconf.c
parent: 90a95a4745a531b62b81ce3b025e892bdc434de5 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c
index f06e1748..6c7a91e6 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.279 2015/07/31 15:38:09 chris Exp $ */
+/* $OpenBSD: servconf.c,v 1.280 2015/08/06 14:53:21 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -916,6 +916,7 @@ static const struct multistate multistate_addressfamily[] = {
 };
 static const struct multistate multistate_permitrootlogin[] = {
 	{ "without-password",		PERMIT_NO_PASSWD },
+	{ "prohibit-password",		PERMIT_NO_PASSWD },
 	{ "forced-commands-only",	PERMIT_FORCED_ONLY },
 	{ "yes",			PERMIT_YES },
 	{ "no",				PERMIT_NO },
author	deraadt@openbsd.org <deraadt@openbsd.org>	2015-08-06 14:53:21 +0000
committer	Damien Miller <djm@mindrot.org>	2015-08-11 18:57:29 +1000
commit	1dc8d93ce69d6565747eb44446ed117187621b26 (patch)
tree	68e850b1c037c7d744836000527320d11b143168 /servconf.c
parent	90a95a4745a531b62b81ce3b025e892bdc434de5 (diff)