From 69139fcbb28d5080f1f7d32ad3c306cd7bd24310 Mon Sep 17 00:00:00 2001
From: sooslaca <sooslaca@gmail.com>
Date: Thu, 10 Oct 2019 13:35:50 +0200
Subject: [PATCH] Hide leaking hostname on SSH password auth (#3754)

---
 src/opnsense/service/templates/OPNsense/Auth/sshd.pam | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/opnsense/service/templates/OPNsense/Auth/sshd.pam b/src/opnsense/service/templates/OPNsense/Auth/sshd.pam
index e58925029..8081f37dd 100644
--- a/src/opnsense/service/templates/OPNsense/Auth/sshd.pam
+++ b/src/opnsense/service/templates/OPNsense/Auth/sshd.pam
@@ -10,9 +10,9 @@ auth		requisite	pam_opieaccess.so	no_warn allow_local
 #auth		sufficient	pam_krb5.so		no_warn try_first_pass
 #auth		sufficient	pam_ssh.so		no_warn try_first_pass
 {% if system.disableintegratedauth|default('0') == '0' %}
-auth		sufficient	pam_opnsense.so
+auth		sufficient	pam_opnsense.so		authtok_prompt=Password:
 {% endif %}
-auth		required	pam_unix.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass authtok_prompt=Password:
 
 # account
 account		required	pam_nologin.so