author | Markus Friedl <markus@cvs.openbsd.org> | 2000-03-09 19:31:48 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2000-03-09 19:31:48 +0000 |
commit | d2130bf05cf30fdef7a0f5289ab80153fa2f83fb (patch) | |
tree | 793f7f5e4b3a0280eee9036f4eb2f99de7634201 | |
parent | eb3beced06d04e849a817c1a06b68cab7c5fb07f (diff) |
disallow guessing of root password
-rw-r--r-- | usr.bin/ssh/sshd.c | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index dd57e81ab54..248177c0c80 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.90 2000/03/06 20:29:04 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.91 2000/03/09 19:31:47 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1244,14 +1244,6 @@ do_authentication()
 do_authloop(pw);
 }
- /* Check if the user is logging in as root and root logins are disallowed. */
- if (pw->pw_uid == 0 && !options.permit_root_login) {
- if (forced_command)
- log("Root login accepted for forced command.");
- else
- packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
- get_canonical_hostname());
- }
 /* The user has been authenticated and accepted. */
 packet_start(SSH_SMSG_SUCCESS);
 packet_send();
@@ -1489,6 +1481,21 @@ do_authloop(struct passwd * pw)
 break;
 }
+ /*
+ * Check if the user is logging in as root and root logins
+ * are disallowed.
+ * Note that root login is allowed for forced commands.
+ */
+ if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) {
+ if (forced_command) {
+ log("Root login accepted for forced command.");
+ } else {
+ authenticated = 0;
+ log("ROOT LOGIN REFUSED FROM %.200s",
+ get_canonical_hostname());
+ }
+ }
+
 /* Raise logging level */
 if (authenticated ||
 attempt == AUTH_FAIL_LOG || |
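Review bot: The new comment in do_authloop() does not say why the refusal clears `authenticated` instead of disconnecting, which is the whole point of the commit; I would add a line such as `* Clear 'authenticated' rather than disconnect, so a correct root password is answered like a wrong one.` The branch still runs only after the credential has verified, and the `log(...)` call with `get_canonical_hostname()` is work a wrong guess does not do, so it is worth confirming that the lookup is cached and adds no visible delay to the failure reply. The log line is also the only record that a valid root credential was presented, so it could say so, e.g. `log("ROOT LOGIN REFUSED (credentials were valid) FROM %.200s",`. `forced_command` is set outside this hunk; please confirm that an earlier failed attempt in the same loop cannot leave it set, since that would route a later success into the accept branch. The loop body starts and ends outside the hunk.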