From 58fef5f8092b937caa2a11648f3937e17f718d81 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Fri, 26 Sep 2008 17:51:12 -0400 Subject: add variable sshd_permit_empty_passwords, with the default set to no --- templates/sshd_config/CentOS_normal.erb | 8 +++++++- templates/sshd_config/Debian_normal.erb | 4 ++++ templates/sshd_config/Gentoo_normal.erb | 8 +++++++- templates/sshd_config/OpenBSD_normal.erb | 8 +++++++- 4 files changed, 25 insertions(+), 3 deletions(-) (limited to 'templates/sshd_config') diff --git a/templates/sshd_config/CentOS_normal.erb b/templates/sshd_config/CentOS_normal.erb index a784842..92ba92e 100644 --- a/templates/sshd_config/CentOS_normal.erb +++ b/templates/sshd_config/CentOS_normal.erb @@ -94,7 +94,13 @@ PasswordAuthentication yes <%- else %> PasswordAuthentication no <%- end %> -#PermitEmptyPasswords no + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +<%- if real_sshd_empty_passwords.to_s == 'yes' then %> +PermitEmptyPasswords yes +<% else -%> +PermitEmptyPasswords no +<% end -%> # Change to no to disable s/key passwords <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/Debian_normal.erb b/templates/sshd_config/Debian_normal.erb index cf24953..92cb7b0 100644 --- a/templates/sshd_config/Debian_normal.erb +++ b/templates/sshd_config/Debian_normal.erb @@ -78,7 +78,11 @@ HostbasedAuthentication no #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) +<%- if real_sshd_empty_passwords.to_s == 'yes' then %> +PermitEmptyPasswords yes +<% else -%> PermitEmptyPasswords no +<% end -%> # Change to no to disable s/key passwords <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/Gentoo_normal.erb b/templates/sshd_config/Gentoo_normal.erb index 57a80a1..a9f9916 100644 --- a/templates/sshd_config/Gentoo_normal.erb +++ b/templates/sshd_config/Gentoo_normal.erb @@ -97,7 +97,13 @@ PasswordAuthentication yes <%- else %> PasswordAuthentication no <%- end %> -#PermitEmptyPasswords no + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +<%- if real_sshd_empty_passwords.to_s == 'yes' then %> +PermitEmptyPasswords yes +<% else -%> +PermitEmptyPasswords no +<% end -%> # Change to no to disable s/key passwords <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> diff --git a/templates/sshd_config/OpenBSD_normal.erb b/templates/sshd_config/OpenBSD_normal.erb index 1de6a55..dd6bb69 100644 --- a/templates/sshd_config/OpenBSD_normal.erb +++ b/templates/sshd_config/OpenBSD_normal.erb @@ -91,7 +91,13 @@ PasswordAuthentication yes <%- else %> PasswordAuthentication no <%- end %> -#PermitEmptyPasswords no + +# To enable empty passwords, change to yes (NOT RECOMMENDED) +<%- if real_sshd_empty_passwords.to_s == 'yes' then %> +PermitEmptyPasswords yes +<% else -%> +PermitEmptyPasswords no +<% end -%> # Change to no to disable s/key passwords <%- if real_sshd_challenge_response_authentication.to_s == 'yes' then %> -- cgit v1.2.3