On Thu, Feb 17, 2000 at 12:30:31PM +0200, Itamar Shtull-Trauring wrote:
> I set sshd to deny root login. But I still get a password prompt! So if I
> get the password right, I get one error message:
>
> Received disconnect: ROOT LOGIN REFUSED FROM example.com
>
> while if I simply put in a wrong password three times I get
>
> Permission denied.
>
> If this means I set it up wrong please mail me directly - I'm not subscribed
> to the list. Otherwise please fix this.

could you please try this:
Index: sshd.c
==================================================================RCS file:
/home/markus/cvs/ssh/sshd.c,v
retrieving revision 1.88
diff -u -p -r1.88 sshd.c
--- sshd.c 2000/02/15 16:52:57 1.88
+++ sshd.c 2000/02/17 11:03:08
@@ -1244,14 +1244,6 @@ do_authentication()
do_authloop(pw);
}
- /* Check if the user is logging in as root and root logins are disallowed. */
- if (pw->pw_uid == 0 && !options.permit_root_login) {
- if (forced_command)
- log("Root login accepted for forced command.");
- else
- packet_disconnect("ROOT LOGIN REFUSED FROM %.200s",
- get_canonical_hostname());
- }
/* The user has been authenticated and accepted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
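Review bot: With the root check deleted from do_authentication(), nothing between the closing brace after do_authloop(pw) and packet_start(SSH_SMSG_SUCCESS) enforces options.permit_root_login any more. The call to do_authloop(pw) sits inside a block, so if another branch can reach the success packet without entering do_authloop(), a uid 0 login on that branch is no longer refused. Please confirm every path to SSH_SMSG_SUCCESS goes through the relocated check, or keep a final guard here before the success packet is sent.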
@@ -1487,6 +1479,21 @@ do_authloop(struct passwd * pw)
*/
log("Unknown message during authentication: type %d", type);
break;
+ }
+
+ /*
+ * Check if the user is logging in as root and root logins
+ * are disallowed.
+ * Note that root login is allowed for forced commands.
+ */
+ if (authenticated && pw->pw_uid == 0 &&
!options.permit_root_login) {
+ if (forced_command) {
+ log("Root login accepted for forced command.");
+ } else {
+ authenticated = 0;
+ log("ROOT LOGIN REFUSED FROM %.200s",
+ get_canonical_hostname());
+ }
}
/* Raise logging level */
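Review bot: In the else branch, the log("ROOT LOGIN REFUSED FROM %.200s", ...) line is now written only when authenticated was already set, which means the client presented valid root credentials and was turned away by policy. The message does not say so, and since the client now sees an ordinary failure and can retry, the same line may repeat for each attempt. Consider wording the message so an operator reading the log can tell it apart from a plain failed password, and extend the comment above the check to state that the refusal is deliberately reported to the client as a normal authentication failure rather than a disconnect.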