From 3280398c0d956f2d2a1cb7219bd56648c499c74d Mon Sep 17 00:00:00 2001 From: markus Date: Thu, 9 Mar 2000 19:31:47 +0000 Subject: [PATCH] disallow guessing of root password --- usr.bin/ssh/sshd.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index dd57e81ab54..248177c0c80 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.90 2000/03/06 20:29:04 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.91 2000/03/09 19:31:47 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -1244,14 +1244,6 @@ do_authentication() do_authloop(pw); } - /* Check if the user is logging in as root and root logins are disallowed. */ - if (pw->pw_uid == 0 && !options.permit_root_login) { - if (forced_command) - log("Root login accepted for forced command."); - else - packet_disconnect("ROOT LOGIN REFUSED FROM %.200s", - get_canonical_hostname()); - } /* The user has been authenticated and accepted. */ packet_start(SSH_SMSG_SUCCESS); packet_send(); @@ -1489,6 +1481,21 @@ do_authloop(struct passwd * pw) break; } + /* + * Check if the user is logging in as root and root logins + * are disallowed. + * Note that root login is allowed for forced commands. + */ + if (authenticated && pw->pw_uid == 0 && !options.permit_root_login) { + if (forced_command) { + log("Root login accepted for forced command."); + } else { + authenticated = 0; + log("ROOT LOGIN REFUSED FROM %.200s", + get_canonical_hostname()); + } + } + /* Raise logging level */ if (authenticated || attempt == AUTH_FAIL_LOG || -- 2.20.1