Patch to restrict other auth methods from allowing root password authentication

James F. Hranicky jfh at
Sat Sep 20 00:14:30 EST 2003

The attached patch restricts any keyboard-int method from allowing root
password authentication. Other methods (bsdauth? I don't even really know what
that is) could be added as well. 

FWIW, it appears that when using the "password" method the code in auth.c 
is never reached due to the following code in auth-passwd.c:

    #ifndef HAVE_CYGWIN
            if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
                    ok = 0;

meaning that this message in auth.c isn't logged in this case:

    logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());

If no one has any problems with the patch I'll open a bugzilla PR.

| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh at             |
                          About politics:
                     Don't worry about results
                   It's the thought that counts
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ossh-auth.c.patch.txt

More information about the openssh-unix-dev mailing list