From: sake
To: questions@freebsd.org
Date: Mon, 26 Sep 2022 11:02:16 +0200
Subject: Upgrade from 13.0 to 13.1, sshd_config broken
Message-ID: <5782eea5-0c83-a5fe-e867-73c98acc46ef@saketec.com>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Hi,

So I did the upgrade and everything is running good now. But I had to log in via console and repair the sshd_config file.

--- snip sshd_config-broken ---
# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
<<<<<<< current version
# be allowed through the ChallengeResponseAuthentication and
# PAM authentication via ChallengeResponseAuthentication may bypass
=======
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
>>>>>>> 13.1-RELEASE
# If you just want the PAM account and session checks to run without
<<<<<<< current version
# and ChallengeResponseAuthentication to 'no'.
=======
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
>>>>>>> 13.1-RELEASE
--- snip ---

It looks like some comments haven't received the leading #.

I haven't found any similar error on the internet regarding the upgrade process. Seems like I'm the only one having this issue.

Can anyone explain to me why this happened and what I can do to prevent this the next time?

Thanks in advance

cheers
sake.
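
The sshd_config snippet above contains unresolved merge conflict markers (`<<<<<<< current version`, `=======`, `>>>>>>> 13.1-RELEASE`). The following check for such markers is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: detect unresolved merge conflict markers in config files.

# Print file:line:text for each marker line under the given paths.
# Returns 1 if any marker is found, 0 if the files are clean.
find_conflict_markers() {
    # Marker shapes as in the snippet above, anchored at column 1.
    hits=$(grep -rnHE '^(<<<<<<< |=======$|>>>>>>> )' "$@" 2>/dev/null || true)
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Write two constructed sample files (not real system configuration).
write_samples() {
    mkdir -p "$1/broken" "$1/clean"
    cat > "$1/broken/sshd_config" <<'EOF'
# If you just want the PAM account and session checks to run without
<<<<<<< current version
# and ChallengeResponseAuthentication to 'no'.
=======
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
>>>>>>> 13.1-RELEASE
UsePAM yes
EOF
    cat > "$1/clean/sshd_config" <<'EOF'
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
find_conflict_markers "$demo_dir/broken" || echo "unresolved merge conflicts found"
find_conflict_markers "$demo_dir/clean" && echo "clean tree: no markers"
rm -rf "$demo_dir"
```

Pointing the function at /etc after the merge step of an upgrade, and following it with `sshd -t` (OpenSSH's configuration test mode) before restarting sshd, catches a file like the one above while a working session is still open.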