From nobody Fri Aug 29 15:07:24 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cD1pP1tRXz65hNC; Fri, 29 Aug 2025 15:07:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cD1pP1JJtz3wV4; Fri, 29 Aug 2025 15:07:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756480045; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ff/X6A2aM9x3Kqtj1yUdHmKuFtUF0Or/cbNc4wPCqY0=; b=mRr/Ewq490aw0rF80gKD0/G6/SO04YuVs8lq6QWPQsySJ5zKw1th6hOfU3aBGHDdL2ShS2 vcO+GxDUMze3WQsvDslWfmX2TMrhtieR3KGljGQAr9ic7PcdCqsLMebJDLAOyBq20QM/9H 9FalrJNVagjcx9BzPANowS1Iy9Q0Rzpe/jv+1pxQh4KyVgh17HEc3iPn2gxvqpBAN2pGm3 uVxDQlNhi6pp0/yI2VxDOVOE9QCArYuvtZz10ZhXPSH3lmLdceCIqdciwLx2cyIOFAEtTq QwRqd3zp/zeCHaEhmMf0iXA6bTBPvST3ZqINormCC9HHrzahZdkU9Uif5TOpTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1756480045; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ff/X6A2aM9x3Kqtj1yUdHmKuFtUF0Or/cbNc4wPCqY0=; b=J4dijYUFqKL8hGdG+MXhbcgcvYaRMq3+QwQkuJaO5QHQDmMhMi5AeDHJxtYIEteE/69IC8 ydAbrzIVf38m90cBlbFbNPCLkI0mPsrvqlmPxTofWgjXvFPygEbplcSvA+3cl4543zRMnj lHZdLie6wpdW+SIZNgc2GeroXoe0gkSk+PQ4rekb9xw8vbN/pqw9z1mDFUKwmHuZwa8l+f 935qNj36WDfHM2T6NrGPma6XjOIwMR9ZuzbAoAunZ4l4fPhbwfgQw/YMGmVEcByidQWYm3 JDyEkmm5AL4e1i4NiUVoJdYQ/Rttiq8pP5DpYUu3O/8lccJRNK0aT44UmQ0h9Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1756480045; a=rsa-sha256; cv=none; b=NFE3fJXWsOobZk5d/dWFFYaxOeC+uVY7c+6uDRJhEmPI0lUCxrq6BG7T3k0WAoqbrismOM 0dux//dMIjgBeoKjEXegRsZEI+9EhRv+jNWlYSOKist/qzDKMSi+1B+tYTX45depyvpLDC KYnvKl65ZhX3+ymAAP2bVGSeRhWAQ7DXFKK1XVBm9ajKbciOhD8hb+e2/ixQ17YirjcpXW MuwQ/Bx0TODTIgSkvFflhj3+T3CHFhWluQ+4U5LzKKiMxO+Nq8I0K4l0oqTBJKfjgB64Oz 1BuKdxBUIwzFCiyHrIwgfW2eHcdmXGJSw3AdESKy72nlFcYaTvnqrx9rwWWubw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cD1pP0k83zlNF; Fri, 29 Aug 2025 15:07:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 57TF7P2j081391; Fri, 29 Aug 2025 15:07:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 57TF7OAr081388; Fri, 29 Aug 2025 15:07:24 GMT (envelope-from git) Date: Fri, 29 Aug 2025 15:07:24 GMT Message-Id: <202508291507.57TF7OAr081388@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 1105ee91f45a - stable/14 - ssh: Reduce sshd_config diffs against OpenSSH 10.0p2 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 1105ee91f45a8c7e4141a295a57a478ea0dee985 Auto-Submitted: auto-generated The branch stable/14 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=1105ee91f45a8c7e4141a295a57a478ea0dee985 commit 1105ee91f45a8c7e4141a295a57a478ea0dee985 Author: Ed Maste AuthorDate: 2025-07-29 17:20:15 +0000 Commit: Ed Maste CommitDate: 2025-08-29 15:06:47 +0000 ssh: Reduce sshd_config diffs against OpenSSH 10.0p2 Upstream had a poor description for KbdInteractiveAuthentication prior to the 10.0p2 release. We use KbdInteractiveAuthentication for PAM authentication, and we replaced the poor description with a note about use by PAM. In 10.0p2 the upstream description has been fixed. Incorporate that text now as it is an improvement and avoids a conflict in the upcoming 10.0p2 import. Reviewed by: jhb Sponsored by: The FreeBSD Foundation (cherry picked from commit 8be24d80adb4ba998240c1b5e20e678852dc0a05) --- crypto/openssh/sshd_config | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index a17484b1da2d..88c93386db65 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -56,12 +56,15 @@ AuthorizedKeysFile .ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes -# Change to yes to enable built-in password authentication. +# Change to "yes" to enable built-in password authentication. # Note that passwords may also be accepted via KbdInteractiveAuthentication. #PasswordAuthentication no #PermitEmptyPasswords no -# Change to no to disable PAM authentication +# Change to "no" to disable keyboard-interactive authentication. Depending on +# the system's configuration, this may involve passwords, challenge-response, +# one-time passwords or some combination of these and other methods. +# Keyboard interactive authentication is also used for PAM authentication. #KbdInteractiveAuthentication yes # Kerberos options