'Fwd: git: 0e12eb7b58ae - main - ssh: update sshd_config for prohibit-password option'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-unix-dev
Subject:    Fwd: git: 0e12eb7b58ae - main - ssh: update sshd_config for prohibit-password option
From:       Ed Maste <emaste () freebsd ! org>
Date:       2022-05-12 15:19:20
Message-ID: CAPyFy2Cuscrir-e01Syi=DQCgUnT3D29Ep-7aceDxjz4yRbXOw () mail ! gmail ! com
[Download RAW message or body]

I updated sshd_config in the FreeBSD base system to pick up the
without-password -> prohibit-password option rename (in the UsePAM
description):

---------- Forwarded message ---------
From: Ed Maste <emaste@freebsd.org>
Date: Thu, 12 May 2022 at 11:17
Subject: git: 0e12eb7b58ae - main - ssh: update sshd_config for
prohibit-password option

Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-05-10 14:08:21 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-05-12 15:16:09 +0000

    ssh: update sshd_config for prohibit-password option

    The PermitRootLogin option "prohibit-password" was added as a synonym
    for "without-password" in 2015.  Then in 2017 these were swapped:
    "prohibit-password" became the canonical option and "without-password"
    became a deprecated synonym (in OpenSSH commit 071325f458).

    The UsePAM description in sshd_config still mentioned
    "without-password."  Update it to match the new canonical option.

    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
---
 crypto/openssh/sshd_config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index bb2e1098368e..956a4bd7d7af 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -78,7 +78,7 @@ AuthorizedKeysFile    .ssh/authorized_keys
 # be allowed through the KbdInteractiveAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
+# the setting of "PermitRootLogin prohibit-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and KbdInteractiveAuthentication to 'no'.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread] 
