From: Odhiambo Washington
Date: Mon, 26 Sep 2022 12:34:46 +0300
Subject: Re: Upgrade from 13.0 to 13.1, sshd_config broken
To: questions@freebsd.org
In-Reply-To: <5782eea5-0c83-a5fe-e867-73c98acc46ef@saketec.com>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On Mon, Sep 26, 2022 at 12:03 PM sake wrote:

> Hi,
>
> So I did the upgrade and everything is running good now. But I had to
> log in via console and repair the sshd_config file.
>
> --- snip sshd_config-broken ---
>
> # Set this to 'no' to disable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> <<<<<<< current version
> # be allowed through the ChallengeResponseAuthentication and
> # PAM authentication via ChallengeResponseAuthentication may bypass
> =======
> # be allowed through the KbdInteractiveAuthentication and
> # PasswordAuthentication.  Depending on your PAM configuration,
> # PAM authentication via KbdInteractiveAuthentication may bypass
> # the setting of "PermitRootLogin without-password".
> >>>>>>> 13.1-RELEASE
> # If you just want the PAM account and session checks to run without
> <<<<<<< current version
> # and ChallengeResponseAuthentication to 'no'.
> =======
> # PAM authentication, then enable this but set PasswordAuthentication
> # and KbdInteractiveAuthentication to 'no'.
> >>>>>>> 13.1-RELEASE
>
> --- snip ---
>
> It looks like some comments haven't received the leading #. I haven't
> found any similar error in the internet regarding the upgrade process.
> Seems like I'm the only one having this issue.
>
> Can anyone explain to me why this happened and what I can do to prevent
> this the next time?
>
> Thanks in advance
> cheers
> sake.

This did bite me as well when I upgraded, but it only happened with the sshd_config.
Please report this as a bug and it will be fixed.
I did not remember to report it. I was lucky that I had a web-based SSH setup on the server when this bit me, else I'd have been locked out.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)


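One way to catch the problem described in this thread before sshd is restarted or the host rebooted, as an added example that is not part of the original messages or of FreeBSD's own tooling: a POSIX sh check that looks for the leftover merge markers quoted above and then has `sshd -t` validate the file. The function names and the `SSHD` override variable are assumptions made for this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. SSHD is an assumed override variable;
# /usr/sbin/sshd is the FreeBSD base-system path.
SSHD=${SSHD:-/usr/sbin/sshd}

# Print file:line:text for every merge-conflict marker line in the given
# files. Exit status 0 means at least one marker was found.
find_conflict_markers() {
    # /dev/null as an extra operand makes grep print the file name even
    # when only one file is given.
    grep -nE '^(<{7}|>{7}) |^={7}$' -- "$@" /dev/null
}

# check_sshd_config FILE
#   0 = clean and accepted by "sshd -t", 2 = markers left, 3 = sshd rejects it
check_sshd_config() {
    cfg=$1
    if find_conflict_markers "$cfg" >&2; then
        echo "unresolved merge markers in $cfg" >&2
        return 2
    fi
    # -t parses the configuration and checks keys without starting the daemon.
    "$SSHD" -t -f "$cfg" || return 3
    return 0
}

# Constructed sample reproducing the markers quoted in the thread.
write_broken_sample() {
    cat > "$1" <<'EOF'
# and session processing. If this is enabled, PAM authentication will
<<<<<<< current version
# be allowed through the ChallengeResponseAuthentication and
=======
# be allowed through the KbdInteractiveAuthentication and
>>>>>>> 13.1-RELEASE
UsePAM yes
EOF
}

# Run as root before restarting sshd: sh check.sh /etc/ssh/sshd_config
for f in "$@"; do
    check_sshd_config "$f" || echo "FAIL($?): $f"
done
```

Run it while the existing SSH session or console is still open, so a non-zero result can be fixed before the running daemon is replaced.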