Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 May 2022 11:36:19 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 20feb7838da5 - stable/13 - ssh: update sshd_config for prohibit-password option
Message-ID:  <202205191136.24JBaJCn024922@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=20feb7838da56a9ddef83042133a89ded8ee5b13

commit 20feb7838da56a9ddef83042133a89ded8ee5b13
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-05-10 14:08:21 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-05-19 11:36:10 +0000

    ssh: update sshd_config for prohibit-password option
    
    The PermitRootLogin option "prohibit-password" was added as a synonym
    for "without-password" in 2015.  Then in 2017 these were swapped:
    "prohibit-password" became the canonical option and "without-password"
    became a deprecated synonym (in OpenSSH commit 071325f458).
    
    The UsePAM description in sshd_config still mentioned
    "without-password."  Update it to match the new canonical option.
    
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    
    (cherry picked from commit 0e12eb7b58ae29ccf52571e82af99c3a3a04b399)
---
 crypto/openssh/sshd_config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index eb9bdcc437fb..00b6c4366526 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -79,7 +79,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # be allowed through the KbdInteractiveAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
+# the setting of "PermitRootLogin prohibit-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and KbdInteractiveAuthentication to 'no'.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202205191136.24JBaJCn024922>