Date: Mon, 26 Sep 2022 12:34:46 +0300 From: Odhiambo Washington <odhiambo@gmail.com> To: questions@freebsd.org Subject: Re: Upgrade from 13.0 to 13.1, sshd_config broken Message-ID: <CAAdA2WPPqOqJUobgVemCMeN_Mh_jCOgZ-tuFXvup0OM82V_UKw@mail.gmail.com> In-Reply-To: <5782eea5-0c83-a5fe-e867-73c98acc46ef@saketec.com> References: <5782eea5-0c83-a5fe-e867-73c98acc46ef@saketec.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--0000000000001349e705e9913f6a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Sep 26, 2022 at 12:03 PM sake <sake@saketec.com> wrote: > Hi, > > So I did the upgrade and everything is running good now. But I had to > log in via console and repair the sshd_config file. > > --- snip sshd_config-broken --- > > # Set this to 'no' to disable PAM authentication, account processing, > # and session processing. If this is enabled, PAM authentication will > <<<<<<< current version > # be allowed through the ChallengeResponseAuthentication and > # PAM authentication via ChallengeResponseAuthentication may bypass > =3D=3D=3D=3D=3D=3D=3D > # be allowed through the KbdInteractiveAuthentication and > # PasswordAuthentication. Depending on your PAM configuration, > # PAM authentication via KbdInteractiveAuthentication may bypass > # the setting of "PermitRootLogin without-password". > >>>>>>> 13.1-RELEASE > # If you just want the PAM account and session checks to run without > <<<<<<< current version > # and ChallengeResponseAuthentication to 'no'. > =3D=3D=3D=3D=3D=3D=3D > # PAM authentication, then enable this but set PasswordAuthentication > # and KbdInteractiveAuthentication to 'no'. > >>>>>>> 13.1-RELEASE > > --- snip --- > > It looks like some comments haven't received the leading # I haven't > found any similar error in the internet regarding the upgrade process. > Seems like I'm the only one having this issue. > > Can anyone explain to me why this happened and what I can do to prevent > this the next time? > > Thanks in advance > cheers > sake. > > This did bite me as well when I upgraded, but it only happened with the sshd_config. Please report this as a bug and it will be fixed. I did not remember to report it. I was luck that I had a web-based SSH setup on the server when this bit me else I'd have been locked out . --=20 Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' =C2=AF\_(=E3=83=84)_/=C2=AF :-) --0000000000001349e705e9913f6a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">= <div dir=3D"ltr" class=3D"gmail_attr">On Mon, Sep 26, 2022 at 12:03 PM sake= <<a href=3D"mailto:sake@saketec.com">sake@saketec.com</a>> wrote:<br= ></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;= border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br> <br> So I did the upgrade and everything is running good now. But I had to <br> log in via console and repair the sshd_config file.<br> <br> --- snip sshd_config-broken ---<br> <br> # Set this to 'no' to disable PAM authentication, account processin= g,<br> # and session processing. If this is enabled, PAM authentication will<br> <<<<<<< current version<br> # be allowed through the ChallengeResponseAuthentication and<br> # PAM authentication via ChallengeResponseAuthentication may bypass<br> =3D=3D=3D=3D=3D=3D=3D<br> # be allowed through the KbdInteractiveAuthentication and<br> # PasswordAuthentication.=C2=A0 Depending on your PAM configuration,<br> # PAM authentication via KbdInteractiveAuthentication may bypass<br> # the setting of "PermitRootLogin without-password".<br> =C2=A0>>>>>>> 13.1-RELEASE<br> # If you just want the PAM account and session checks to run without<br> <<<<<<< current version<br> # and ChallengeResponseAuthentication to 'no'.<br> =3D=3D=3D=3D=3D=3D=3D<br> # PAM authentication, then enable this but set PasswordAuthentication<br> # and KbdInteractiveAuthentication to 'no'.<br> =C2=A0>>>>>>> 13.1-RELEASE<br> <br> --- snip ---<br> <br> It looks like some comments haven't received the leading #=C2=A0 I have= n't <br> found any similar error in the internet regarding the upgrade process. <br> Seems like I'm the only one having this issue.<br> <br> Can anyone explain to me why this happened and what I can do to prevent <br= > this the next time?<br> <br> Thanks in advance<br> cheers<br> sake.<br> <br></blockquote><div><br></div><div>This did bite me as well when I upgrad= ed, but it only happened with the sshd_config.</div><div>Please report this= as a bug and it will be fixed.</div><div>I did not remember to report it. = I was luck that I had a web-based SSH setup on the server when this bit me = else I'd have been locked out .=C2=A0</div></div><br clear=3D"all"><div= ><br></div>-- <br><div dir=3D"ltr" class=3D"gmail_signature"><div dir=3D"lt= r"><div dir=3D"ltr"><div>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,K= E<br>+254 7 3200 0004/+254 7 2274 3223<br>"<span style=3D"font-size:12= .8px">Oh, the cruft.</span><span style=3D"font-size:12.8px">",=C2=A0</= span><span style=3D"font-size:12.8px">egrep -v '^$|^.*#'=C2=A0</spa= n><span style=3D"background-color:rgb(34,34,34);color:rgb(238,238,238);font= -family:"Lucida Console",Consolas,"Courier New",monospa= ce;font-size:13.6px">=C2=AF\_(=E3=83=84)_/=C2=AF</span><span style=3D"font-= size:12.8px">=C2=A0:-)</span></div></div></div></div></div> --0000000000001349e705e9913f6a--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAdA2WPPqOqJUobgVemCMeN_Mh_jCOgZ-tuFXvup0OM82V_UKw>