git: 0e12eb7b58ae - main - ssh: update sshd_config for prohibit-password option
Ed Maste
emaste at freebsd.org
Sun Nov 6 05:34:44 AEDT 2022
On Thu, 12 May 2022 at 11:19, Ed Maste <emaste at freebsd.org> wrote:
>
> I updated sshd_config in the FreeBSD base system to pick up the
> without-password -> prohibit-password option rename (in the UsePAM
> description):
This fix from FreeBSD is still outstanding:
> --- a/crypto/openssh/sshd_config
> +++ b/crypto/openssh/sshd_config
> @@ -78,7 +78,7 @@ AuthorizedKeysFile .ssh/authorized_keys
> # be allowed through the KbdInteractiveAuthentication and
> # PasswordAuthentication. Depending on your PAM configuration,
> # PAM authentication via KbdInteractiveAuthentication may bypass
> -# the setting of "PermitRootLogin without-password".
> +# the setting of "PermitRootLogin prohibit-password".
> # If you just want the PAM account and session checks to run without
> # PAM authentication, then enable this but set PasswordAuthentication
> # and KbdInteractiveAuthentication to 'no'.
"without-password" is the deprecated alias for "prohibit-password", so
we should reference the latter.
More information about the openssh-unix-dev
mailing list