From ba8cfba631aaf06f58429459c23b9f9c3561b7e0 Mon Sep 17 00:00:00 2001 From: djm Date: Mon, 17 Sep 2007 01:57:38 +0000 Subject: [PATCH] - djm@cvs.openbsd.org 2007/08/23 03:22:16 [auth2-none.c sshd_config sshd_config.5] Support "Banner=none" to disable displaying of the pre-login banner; ok dtucker@ deraadt@ --- ChangeLog | 4 ++++ auth2-none.c | 7 +++++-- sshd_config | 4 ++-- sshd_config.5 | 7 ++++--- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index b16f8fd0..e2ab99d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,10 @@ [auth.h] login_cap.h doesn't belong here NB. RCS ID sync only for portable + - djm@cvs.openbsd.org 2007/08/23 03:22:16 + [auth2-none.c sshd_config sshd_config.5] + Support "Banner=none" to disable displaying of the pre-login banner; + ok dtucker@ deraadt@ 20070914 - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path. diff --git a/auth2-none.c b/auth2-none.c index 952b4482..28e593e6 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.14 2007/08/23 03:22:16 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -32,6 +32,7 @@ #include #include #include +#include #include "xmalloc.h" #include "key.h" @@ -106,7 +107,9 @@ userauth_banner(void) { char *banner = NULL; - if (options.banner == NULL || (datafellows & SSH_BUG_BANNER)) + if (options.banner == NULL || + strcasecmp(options.banner, "none") == 0 || + (datafellows & SSH_BUG_BANNER) != 0) return; if ((banner = PRIVSEP(auth2_read_banner())) == NULL) diff --git a/sshd_config b/sshd_config index 3393cec5..c7094e77 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $ +# $OpenBSD: sshd_config,v 1.76 2007/08/23 03:22:16 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -104,7 +104,7 @@ Protocol 2 #PermitTunnel no # no default banner path -#Banner /some/path +#Banner none # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server diff --git a/sshd_config.5 b/sshd_config.5 index 02005470..2f74cd73 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.77 2007/06/08 07:48:09 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.78 2007/08/23 03:22:16 djm Exp $ .Dd $Mdocdate$ .Dt SSHD_CONFIG 5 .Os @@ -159,10 +159,11 @@ directory. The default is .Dq .ssh/authorized_keys . .It Cm Banner -In some jurisdictions, sending a warning message before authentication -may be relevant for getting legal protection. The contents of the specified file are sent to the remote user before authentication is allowed. +If the argument is +.Dq none +then no banner is displayed. This option is only available for protocol version 2. By default, no banner is displayed. .It Cm ChallengeResponseAuthentication -- 2.45.1