diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | auth2-none.c | 7 | ||||
| -rw-r--r-- | sshd_config | 4 | ||||
| -rw-r--r-- | sshd_config.5 | 9 |
4 files changed, 17 insertions, 9 deletions
@@ -12,6 +12,10 @@ [auth.h] login_cap.h doesn't belong here NB. RCS ID sync only for portable + - djm@cvs.openbsd.org 2007/08/23 03:22:16 + [auth2-none.c sshd_config sshd_config.5] + Support "Banner=none" to disable displaying of the pre-login banner; + ok dtucker@ deraadt@ 20070914 - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path. @@ -3209,4 +3213,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4745 2007/09/17 01:55:25 djm Exp $ +$Id: ChangeLog,v 1.4746 2007/09/17 01:57:38 djm Exp $ diff --git a/auth2-none.c b/auth2-none.c index 952b4482..28e593e6 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.14 2007/08/23 03:22:16 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -32,6 +32,7 @@ #include <fcntl.h> #include <stdarg.h> #include <unistd.h> +#include <string.h> #include "xmalloc.h" #include "key.h" @@ -106,7 +107,9 @@ userauth_banner(void) { char *banner = NULL; - if (options.banner == NULL || (datafellows & SSH_BUG_BANNER)) + if (options.banner == NULL || + strcasecmp(options.banner, "none") == 0 || + (datafellows & SSH_BUG_BANNER) != 0) return; if ((banner = PRIVSEP(auth2_read_banner())) == NULL) diff --git a/sshd_config b/sshd_config index 3393cec5..c7094e77 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $ +# $OpenBSD: sshd_config,v 1.76 2007/08/23 03:22:16 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -104,7 +104,7 @@ Protocol 2 #PermitTunnel no # no default banner path -#Banner /some/path +#Banner none # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server diff --git a/sshd_config.5 b/sshd_config.5 index 2a283ea2..3d4afb45 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.77 2007/06/08 07:48:09 jmc Exp $ -.Dd $Mdocdate: June 8 2007 $ +.\" $OpenBSD: sshd_config.5,v 1.78 2007/08/23 03:22:16 djm Exp $ +.Dd $Mdocdate: June 11 2007 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -159,10 +159,11 @@ directory. The default is .Dq .ssh/authorized_keys . .It Cm Banner -In some jurisdictions, sending a warning message before authentication -may be relevant for getting legal protection. The contents of the specified file are sent to the remote user before authentication is allowed. +If the argument is +.Dq none +then no banner is displayed. This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication |