Removed for tests
This commit is contained in:
88
security.old/openssh-portable/files/patch-sshd_config.5
Normal file
88
security.old/openssh-portable/files/patch-sshd_config.5
Normal file
@ -0,0 +1,88 @@
|
||||
--- sshd_config.5.orig 2017-03-19 19:39:27.000000000 -0700
|
||||
+++ sshd_config.5 2017-03-20 11:48:37.553620000 -0700
|
||||
@@ -373,7 +373,9 @@ By default, no banner is displayed.
|
||||
.It Cm ChallengeResponseAuthentication
|
||||
Specifies whether challenge-response authentication is allowed (e.g. via
|
||||
PAM or through authentication styles supported in
|
||||
-.Xr login.conf 5 )
|
||||
+.Xr login.conf 5 ) .
|
||||
+See also
|
||||
+.Cm UsePAM .
|
||||
The default is
|
||||
.Cm yes .
|
||||
.It Cm ChrootDirectory
|
||||
@@ -671,7 +673,9 @@ ssh-ed25519,ssh-rsa
|
||||
The list of available key types may also be obtained using
|
||||
.Qq ssh -Q key .
|
||||
.It Cm HostbasedAuthentication
|
||||
-Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
+Specifies whether rhosts or
|
||||
+.Pa /etc/hosts.equiv
|
||||
+authentication together
|
||||
with successful public key client host authentication is allowed
|
||||
(host-based authentication).
|
||||
The default is
|
||||
@@ -1136,7 +1140,22 @@ are refused if the number of unauthentic
|
||||
.It Cm PasswordAuthentication
|
||||
Specifies whether password authentication is allowed.
|
||||
The default is
|
||||
+.Cm no ,
|
||||
+unless
|
||||
+.Nm sshd
|
||||
+was built without PAM support, in which case the default is
|
||||
.Cm yes .
|
||||
+Note that if
|
||||
+.Cm ChallengeResponseAuthentication
|
||||
+is
|
||||
+.Cm yes ,
|
||||
+and the PAM authentication policy for
|
||||
+.Nm sshd
|
||||
+includes
|
||||
+.Xr pam_unix 8 ,
|
||||
+password authentication will be allowed through the challenge-response
|
||||
+mechanism regardless of the value of
|
||||
+.Cm PasswordAuthentication .
|
||||
.It Cm PermitEmptyPasswords
|
||||
When password authentication is allowed, it specifies whether the
|
||||
server allows login to accounts with empty password strings.
|
||||
@@ -1232,6 +1251,13 @@ and
|
||||
.Cm ethernet .
|
||||
The default is
|
||||
.Cm no .
|
||||
+Note that if
|
||||
+.Cm ChallengeResponseAuthentication
|
||||
+is
|
||||
+.Cm yes ,
|
||||
+the root user may be allowed in with its password even if
|
||||
+.Cm PermitRootLogin is set to
|
||||
+.Cm without-password .
|
||||
.Pp
|
||||
Independent of this setting, the permissions of the selected
|
||||
.Xr tun 4
|
||||
@@ -1493,12 +1519,15 @@ is enabled, you will not be able to run
|
||||
.Xr sshd 8
|
||||
as a non-root user.
|
||||
The default is
|
||||
-.Cm no .
|
||||
+.Cm yes .
|
||||
.It Cm VersionAddendum
|
||||
Optionally specifies additional text to append to the SSH protocol banner
|
||||
sent by the server upon connection.
|
||||
The default is
|
||||
-.Cm none .
|
||||
+.Cm %%SSH_VERSION_FREEBSD_PORT%% .
|
||||
+The value
|
||||
+.Cm none
|
||||
+may be used to disable this.
|
||||
.It Cm X11DisplayOffset
|
||||
Specifies the first display number available for
|
||||
.Xr sshd 8 Ns 's
|
||||
@@ -1512,7 +1541,7 @@ The argument must be
|
||||
or
|
||||
.Cm no .
|
||||
The default is
|
||||
-.Cm no .
|
||||
+.Cm yes .
|
||||
.Pp
|
||||
When X11 forwarding is enabled, there may be additional exposure to
|
||||
the server and to client displays if the
|
||||
Reference in New Issue
Block a user