Fix openssh portable
81
security/openssh-portable/files/patch-sshd_config.5
Normal file
@ -0,0 +1,81 @@
--- sshd_config.5.orig 2022-02-11 18:50:00.822679000 +0000
+++ sshd_config.5 2022-02-11 19:09:05.162504000 +0000
@@ -701,7 +701,9 @@
.Qq ssh -Q HostbasedAcceptedAlgorithms .
This was formerly named HostbasedAcceptedKeyTypes.
.It Cm HostbasedAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
+Specifies whether rhosts or
+.Pa /etc/hosts.equiv
+authentication together
with successful public key client host authentication is allowed
(host-based authentication).
The default is
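Review bot: In the HostbasedAuthentication entry only `/etc/hosts.equiv` gains `.Pa` markup while `rhosts` on the line above stays plain text, so the sentence now mixes marked-up and bare file references. The change is purely cosmetic, so consider either applying the markup consistently or dropping this hunk from the local patch to keep the divergence from the original page small.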
@@ -1277,7 +1279,23 @@
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
+.Cm no ,
+unless
+.Nm sshd
+was built without PAM support, in which case the default is
.Cm yes .
+.Pp
+Note that if
+.Cm ChallengeResponseAuthentication
+is
+.Cm yes ,
+and the PAM authentication policy for
+.Nm sshd
+includes
+.Xr pam_unix 8 ,
+password authentication will be allowed through the challenge-response
+mechanism regardless of the value of
+.Cm PasswordAuthentication .
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
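Review bot: The added PasswordAuthentication note says password logins still succeed through challenge-response when `ChallengeResponseAuthentication` is `yes` and the PAM policy includes `pam_unix`, but it never says what to change to actually turn them off, and the new default text (`no` unless built without PAM) makes it easy to assume passwords are already disabled. Add a sentence naming the remedy implied by the note (setting `ChallengeResponseAuthentication` to `no`, or removing `pam_unix` from the sshd PAM policy) and state that option's default in this build, so an administrator can tell whether the server is exposed as shipped.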
@@ -1416,6 +1434,13 @@
.Cm ethernet .
The default is
.Cm no .
+Note that if
+.Cm ChallengeResponseAuthentication
+is
+.Cm yes ,
+the root user may be allowed in with its password even if
+.Cm PermitRootLogin is set to
+.Cm without-password .
.Pp
Independent of this setting, the permissions of the selected
.Xr tun 4
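Review bot: The added root-login caveat is placed between `.Cm ethernet .` / `The default is .Cm no .` and the paragraph about the permissions of the `tun 4` device, which is the tunnel-forwarding text rather than the PermitRootLogin entry, so the warning will render under the wrong option where nobody looking up root login will see it; move these lines into the PermitRootLogin description. Separately, `+.Cm PermitRootLogin is set to` hands the words "is set to" to `.Cm` as arguments, so split it into `.Cm PermitRootLogin` followed by `is set to` on its own line.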
@@ -1774,12 +1799,19 @@
.Xr sshd 8
as a non-root user.
The default is
+.Cm yes ,
+unless
+.Nm sshd
+was built without PAM support, in which case the default is
.Cm no .
.It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
-.Cm none .
+.Cm %%SSH_VERSION_FREEBSD_PORT%% .
+The value
+.Cm none
+may be used to disable this.
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
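Review bot: `%%SSH_VERSION_FREEBSD_PORT%%` in the VersionAddendum default is a substitution placeholder and nothing in this patch shows it being replaced, so confirm the port build substitutes it in sshd_config.5, otherwise the literal token ends up in the installed man page. Since the entry itself says the addendum is appended to the protocol banner sent on connection, it is also worth stating here that the default value is visible to every connecting client and that `none` suppresses it, rather than only "may be used to disable this".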
@@ -1793,7 +1825,7 @@
or
.Cm no .
The default is
-.Cm no .
+.Cm yes .
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
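Review bot: The documented default flips from `.Cm no .` to `.Cm yes .` directly above the unchanged warning that enabling X11 forwarding brings additional exposure to the server and to client displays, so the page now describes a default it cautions against without any comment. Confirm the compiled-in default of this build really is `yes`, and if so add a sentence noting that it differs from the original default and that setting the option to `no` restores the more conservative behaviour.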