Date:      Mon, 1 Feb 2016 12:29:42 -0800
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        Dag-Erling Smørgrav <des@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r294464 - in head: crypto/openssh crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/regress crypto/openssh/regress/unittests crypto/...
Message-ID:  <56AFC036.6080508@FreeBSD.org>
In-Reply-To: <201601202257.u0KMvA89056089@repo.freebsd.org>
References:  <201601202257.u0KMvA89056089@repo.freebsd.org>

On 1/20/2016 2:57 PM, Dag-Erling Smørgrav wrote:
> Author: des
> Date: Wed Jan 20 22:57:10 2016
> New Revision: 294464
> URL: https://svnweb.freebsd.org/changeset/base/294464
> 
> Log:
>   Upgrade to OpenSSH 7.0p1.
...
> Index: crypto/openssh/sshd_config
> ===================================================================
> --- crypto/openssh/sshd_config  (revision 294463)
> +++ crypto/openssh/sshd_config  (revision 294464)
> @@ -1,4 +1,4 @@
> -#      $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
> +#      $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
>  #      $FreeBSD$
> 
>  # This is the sshd server system-wide configuration file.  See
> @@ -45,7 +45,7 @@
>  # Authentication:
> 
>  #LoginGraceTime 2m
> -#PermitRootLogin no
> +#PermitRootLogin prohibit-password
>  #StrictModes yes
>  #MaxAuthTries 6
>  #MaxSessions 10
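
Review bot: The commented `#PermitRootLogin prohibit-password` line in the Authentication block advertises a value the compiled-in default does not use, since the servconf.c context quoted in this thread still assigns `PERMIT_NO` when the option is `PERMIT_NOT_SET`. If the commented lines in this file are meant to show defaults, either keep `#PermitRootLogin no` here or change the default in the same commit, so an administrator reading the sample file is not misled about whether root can log in.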

Shouldn't the comments note the default? The default here is still 'no'.
 Upstream 7.1p2 does use PERMIT_NO_PASSWD rather than PERMIT_NO that we
have.  I think we should make this change:

> Index: crypto/openssh/servconf.c
> ===================================================================
> --- crypto/openssh/servconf.c   (revision 294275)
> +++ crypto/openssh/servconf.c   (working copy)
> @@ -202,7 +202,7 @@
>         if (options->key_regeneration_time == -1)
>                 options->key_regeneration_time = 3600;
>         if (options->permit_root_login == PERMIT_NOT_SET)
> -               options->permit_root_login = PERMIT_NO;
> +               options->permit_root_login = PERMIT_NO_PASSWD;
>         if (options->ignore_rhosts == -1)
>                 options->ignore_rhosts = 1;
>         if (options->ignore_user_known_hosts == -1)
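
Review bot: Changing the fallback in the `PERMIT_NOT_SET` branch from `PERMIT_NO` to `PERMIT_NO_PASSWD` alters behaviour for every host whose sshd_config has no explicit `PermitRootLogin` line: root logins that were refused outright become possible with non-password methods such as public keys. That deserves a line in the commit message and a matching update to the default documented in sshd_config(5). The hunk is also cut against revision 294275, so it should be regenerated against the tree after r294464.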


-- 
Regards,
Bryan Drewery
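
An added example, not part of the original message or of the FreeBSD or OpenSSH sources: a small check that tells whether a given sshd_config pins PermitRootLogin itself or inherits the compiled-in default, which is the case where the comment and servconf.c can disagree. The function names and the sample input are hypothetical; Match blocks are treated as conditional and skipped.

```shell
#!/bin/sh
# Added example: reports whether a config pins PermitRootLogin or inherits
# the compiled-in default. Function names are hypothetical.

# Print the global PermitRootLogin value read from stdin or the named file,
# or "unset" when only sshd's built-in default would apply.
explicit_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }          # comment or blank: not a setting
        {
            # "Keyword=value" and "Keyword = value" are accepted spellings
            if ($0 ~ /^[ \t]*[A-Za-z0-9]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ")
            kw = tolower($1)             # keywords are case-insensitive
            if (kw == "match") exit      # later lines are conditional
            if (kw == "permitrootlogin") {
                val = $2; gsub(/"/, "", val)
                print val; found = 1; exit   # first value obtained wins
            }
        }
        END { if (!found) print "unset" }
    ' "$@"
}

# Resolve the value sshd would use, given the compiled-in default
# ("no" in the tree discussed, "prohibit-password" with the proposed change).
effective_root_login() {
    compiled_default=$1; shift
    value=$(explicit_root_login "$@")
    if [ "$value" = unset ]; then value=$compiled_default; fi
    printf '%s\n' "$value"
}

# Constructed sample: the Authentication block of the stock file, where the
# setting appears only as a comment.
sample_stock() {
    printf '%s\n' '# Authentication:' '#LoginGraceTime 2m' \
        '#PermitRootLogin prohibit-password' '#StrictModes yes'
}
```

Piping `sample_stock` through `effective_root_login no` and then through `effective_root_login prohibit-password` shows the two outcomes for a host that never set the option.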

