Sat Nov 27 23:22:25 2021 UTC ()
Amend the comment about UsePAM; the ChallengeResponseAuthentication
setting is deprecated, replaced by KbdInteractiveAuthentication,
confirmed both by man page and code.


(he)
diff -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/sshd_config
cvs diff -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/sshd_config (expand / switch to unified diff)

--- src/crypto/external/bsd/openssh/dist/sshd_config 2021/09/02 11:26:18 1.26
+++ src/crypto/external/bsd/openssh/dist/sshd_config 2021/11/27 23:22:25 1.27
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: sshd_config,v 1.26 2021/09/02 11:26:18 christos Exp $ 1# $NetBSD: sshd_config,v 1.27 2021/11/27 23:22:25 he Exp $
2# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ 2# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
3 3
4# This is the sshd server system-wide configuration file. See 4# This is the sshd server system-wide configuration file. See
5# sshd_config(5) for more information. 5# sshd_config(5) for more information.
6 6
7# The strategy used for options in the default sshd_config shipped with 7# The strategy used for options in the default sshd_config shipped with
8# OpenSSH is to specify options with their default value where 8# OpenSSH is to specify options with their default value where
9# possible, but leave them commented. Uncommented options override the 9# possible, but leave them commented. Uncommented options override the
10# default value. 10# default value.
11 11
12#Port 22 12#Port 22
13#AddressFamily any 13#AddressFamily any
14#ListenAddress 0.0.0.0 14#ListenAddress 0.0.0.0
@@ -62,33 +62,33 @@ AuthorizedKeysFile .ssh/authorized_keys @@ -62,33 +62,33 @@ AuthorizedKeysFile .ssh/authorized_keys
62 62
63# Kerberos options 63# Kerberos options
64#KerberosAuthentication no 64#KerberosAuthentication no
65#KerberosOrLocalPasswd yes 65#KerberosOrLocalPasswd yes
66#KerberosTicketCleanup yes 66#KerberosTicketCleanup yes
67#KerberosGetAFSToken no 67#KerberosGetAFSToken no
68 68
69# GSSAPI options 69# GSSAPI options
70#GSSAPIAuthentication no 70#GSSAPIAuthentication no
71#GSSAPICleanupCredentials yes 71#GSSAPICleanupCredentials yes
72 72
73# Set this to 'yes' to enable PAM authentication, account processing, 73# Set this to 'yes' to enable PAM authentication, account processing,
74# and session processing. If this is enabled, PAM authentication will 74# and session processing. If this is enabled, PAM authentication will
75# be allowed through the ChallengeResponseAuthentication and 75# be allowed through the KbdInteractiveAuthentication and
76# PasswordAuthentication. Depending on your PAM configuration, 76# PasswordAuthentication settings. Depending on your PAM configuration,
77# PAM authentication via ChallengeResponseAuthentication may bypass 77# PAM authentication via KbdInteractiveAuthentication may bypass
78# the setting of "PermitRootLogin without-password". 78# the setting of "PermitRootLogin without-password".
79# If you just want the PAM account and session checks to run without 79# If you just want the PAM account and session checks to run without
80# PAM authentication, then enable this but set PasswordAuthentication 80# PAM authentication, then enable this but set PasswordAuthentication
81# and ChallengeResponseAuthentication to 'no'. 81# and KbdInteractiveAuthentication to 'no'.
82UsePAM yes 82UsePAM yes
83 83
84#AllowAgentForwarding yes 84#AllowAgentForwarding yes
85#AllowTcpForwarding yes 85#AllowTcpForwarding yes
86#GatewayPorts no 86#GatewayPorts no
87#X11Forwarding no 87#X11Forwarding no
88# If you use xorg from pkgsrc then uncomment the following line. 88# If you use xorg from pkgsrc then uncomment the following line.
89#XAuthLocation /usr/pkg/bin/xauth 89#XAuthLocation /usr/pkg/bin/xauth
90#X11DisplayOffset 10 90#X11DisplayOffset 10
91#X11UseLocalhost yes 91#X11UseLocalhost yes
92#PermitTTY yes 92#PermitTTY yes
93#PrintMotd yes 93#PrintMotd yes
94#PrintLastLog yes 94#PrintLastLog yes