Going back to openssh 8.8

2024-10-08 09:54:55 +02:00
parent 09e08245c5
commit 1b2c8330ff
20 changed files with 241 additions and 709 deletions
--- a/security/openssh-portable/files/patch-sshd_config
+++ b/security/openssh-portable/files/patch-sshd_config
@ -1,8 +1,5 @@
-!!!
-!!! Note files/extra-patch-pam-sshd_config contains more changes for default PAM option.
-!!!
--- sshd_config.orig	2022-02-11 18:49:55.062881000 +0000
-+++ sshd_config	2022-02-11 18:52:31.639435000 +0000
+--- sshd_config.orig	2021-08-19 21:03:49.000000000 -0700
+++ sshd_config	2021-09-07 12:34:49.372652000 -0700
@@ -10,6 +10,9 @@
 # possible, but leave them commented.  Uncommented options override the
 # default value.
@ -23,7 +20,33 @@
 
 #AuthorizedPrincipalsFile none
 
-@@ -84,7 +86,7 @@
+@@ -53,8 +55,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ # Don't read the user's ~/.rhosts and ~/.shosts files
+ #IgnoreRhosts yes
+ 
+-# To disable tunneled clear text passwords, change to no here!
+-#PasswordAuthentication yes
+# To enable tunneled clear text passwords, change to yes here!
+#PasswordAuthentication no
+ #PermitEmptyPasswords no
+ 
+ # Change to no to disable s/key passwords
+@@ -70,7 +72,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ #GSSAPIAuthentication no
+ #GSSAPICleanupCredentials yes
+ 
+-# Set this to 'yes' to enable PAM authentication, account processing,
+# Set this to 'no' to disable PAM authentication, account processing,
+ # and session processing. If this is enabled, PAM authentication will
+ # be allowed through the KbdInteractiveAuthentication and
+ # PasswordAuthentication.  Depending on your PAM configuration,
+@@ -79,12 +81,12 @@ AuthorizedKeysFile	.ssh/authorized_keys
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and KbdInteractiveAuthentication to 'no'.
+-#UsePAM no
+#UsePAM yes
+ 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no