# HG changeset patch # User Matt Johnston # Date 1366292858 -28800 # Node ID ff6e551da826bdd467bee349cbc2846d882249c2 # Parent 0e5ea6812bb78486a1f4370a4cfb186ed7b01373 Don't enable CLI_IMMEDIATE_AUTH by default, it breaks blank password logins diff -r 0e5ea6812bb7 -r ff6e551da826 options.h --- a/options.h Wed Apr 17 23:17:27 2013 +0800 +++ b/options.h Thu Apr 18 21:47:38 2013 +0800 @@ -204,6 +204,13 @@ * return the password on standard output */ /*#define ENABLE_CLI_ASKPASS_HELPER*/ +/* Send a real auth request first rather than requesting a list of available methods. + * It saves a network round trip at login but prevents immediate login to + * accounts with no password, and might be rejected by some strict servers (none + * encountered yet) - hence it isn't enabled by default. */ +/* #define CLI_IMMEDIATE_AUTH */ + + /* Source for randomness. This must be able to provide hundreds of bytes per SSH * connection without blocking. In addition /dev/random is used for seeding * rsa/dss key generation */ diff -r 0e5ea6812bb7 -r ff6e551da826 sysoptions.h --- a/sysoptions.h Wed Apr 17 23:17:27 2013 +0800 +++ b/sysoptions.h Thu Apr 18 21:47:38 2013 +0800 @@ -198,9 +198,6 @@ #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ #endif -/* Send an auth request straight away rather than trying "none" type to get a list */ -#define CLI_IMMEDIATE_AUTH - /* Changing this is inadvisable, it appears to have problems * with flushing compressed data */ #define DROPBEAR_ZLIB_MEM_LEVEL 8