Fixed
Created: Feb 11, 2015
Updated: Dec 3, 2018
Resolved Date: Mar 2, 2015
Found In Version: 6.0.0.16
Fix Version: 6.0.0.18
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace
in wrlinux 4.3, when openssh was compiled with pam support, in the sshd_config file, PAM was used by default as an authentication method:
UsePAM yes
on wrlinux 6, even though the openssh package is being compiled with pam support:
--build=x86_64-linux --host=i586-wrs-linux --target=i586-wrs-linux --prefix=/usr --exec_prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/openssh --datadir=/usr/share --sysconfdir=/etc --sharedstatedir=/com --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --oldincludedir=/usr/include --infodir=/usr/share/info --mandir=/usr/share/man --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot=/home/stef/workspace/wrl6_qemu/bitbake_build/tmp/sysroots/qemux86 --with-rand-helper=no --with-pam --without-zlib-version-check --with-privsep-path=/var/run/sshd --sysconfdir=/etc/ssh --with-xauth=/usr/bin/xauth --with-tcp-wrappers
the PAM option is not enabled in the sshd_config file:
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
PermitRootLogin yes
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
configure a wrlinux 6 project based on standard kernel/rootfs (any BSP)
build
check the etc/ssh/sshd_config file
