On Thu, 12 May 2022 at 11:19, Ed Maste <emaste@freebsd.org> wrote:
>
> I updated sshd_config in the FreeBSD base system to pick up the
> without-password -> prohibit-password option rename (in the UsePAM
> description):
This fix from FreeBSD is still outstanding:
> --- a/crypto/openssh/sshd_config
> +++ b/crypto/openssh/sshd_config
> @@ -78,7 +78,7 @@ AuthorizedKeysFile .ssh/authorized_keys
> # be allowed through the KbdInteractiveAuthentication and
> # PasswordAuthentication. Depending on your PAM configuration,
> # PAM authentication via KbdInteractiveAuthentication may bypass
> -# the setting of "PermitRootLogin without-password".
> +# the setting of "PermitRootLogin prohibit-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and KbdInteractiveAuthentication to 'no'.
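Review bot: Style point in the trailing context of this hunk: the value is quoted as 'no' with single quotes, while the changed line quotes "PermitRootLogin prohibit-password" with double quotes; consider using one quoting style throughout this comment block. Since the deprecated spelling is being retired on the changed line, it is also worth checking the rest of sshd_config for any remaining "without-password" references so they can be updated in the same commit.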
"without-password" is the deprecated alias for "prohibit-password", so
we should reference the latter.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev