Date: Wed, 18 May 2022 21:22:53 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 263045] sshd password configuration options are unclear
Message-ID: <bug-263045-7788-YH58ntcqGS@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-263045-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-263045-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263045

--- Comment #11 from donaldcallen@gmail.com ---
(In reply to Marek Zarychta from comment #10)

And people commenting on bug reports should learn to read.

Ah, the old RTFM trick. Well what if the FM doesn't provide the necessary
information or is just plain wrong? "PasswordAuthentication no" in most
languages, English included, means no password authentication.

As for another part of your snotty message, man 5 sshd_config says:

"
     PasswordAuthentication
             Specifies whether password authentication is allowed. See also
             UsePAM. The default is no.
"

The first sentence of that is pretty definitive, implying that this setting
determines whether password authentication is allowed. It doesn't. So let's
look at UsePAM:

"
     UsePAM  Enables the Pluggable Authentication Module interface. If set
             to yes this will enable PAM authentication using
             KbdInteractiveAuthentication and PasswordAuthentication in
             addition to PAM account and session module processing for all
             authentication types.

             Because PAM keyboard-interactive authentication usually serves
             an equivalent role to password authentication, you should
             disable either PasswordAuthentication or
             KbdInteractiveAuthentication.

             If UsePAM is enabled, you will not be able to run sshd(8) as a
             non-root user. The default is yes.
"

If you think this is documentation understandable by anyone other than the
person who wrote the code, then we have nothing else to talk about. We
probably don't anyway.

What I am wasting my time requesting here is a CLEAR INDICATION in the
default sshd_config as to how to enable or disable password authentication.
And I repeat -- Dragonfly gets this right. Matt and Co. have done the
sensible thing here. And I would remind you that this is a security issue.

But typically, trying to convince you people to make a small DOCUMENTATION
change is like pulling teeth. I can only imagine what it would be like if I
wanted you to change a line of code.

This is a typical example of what gets me crazy about FreeBSD, despite the
system's many virtues. It always feels like dealing with a big, stupid
committee that just can't make sensible decisions.

-- 
You are receiving this mail because:
You are the assignee for the bug.
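Added example, not part of the original message or of the FreeBSD sources: a
small shell check that reads the effective settings printed by "sshd -T" and
reports every way a password can still be used, covering the interaction
between PasswordAuthentication, KbdInteractiveAuthentication and UsePAM quoted
above. The function name, the sample input and the /usr/sbin/sshd path are
assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report or the FreeBSD tree).
# Reads `sshd -T` output (lowercase "keyword value" lines) on stdin and
# lists every way a password can still be used to log in.
# Exit status: 0 = none open, 1 = at least one open, 2 = input incomplete.
# Assumption: keyboard-interactive only prompts for a password when PAM
# backs it, as the UsePAM text quoted in the message describes.
# Not covered: Match blocks (see `sshd -T -C ...`) and AuthenticationMethods.
# Real use, as root (path is an assumption): /usr/sbin/sshd -T | password_paths
password_paths() {
    awk '
        $1 == "passwordauthentication"       { pw  = $2 }
        $1 == "kbdinteractiveauthentication" { kbd = $2 }
        $1 == "usepam"                       { pam = $2 }
        END {
            if (pw == "" || kbd == "") {
                print "UNKNOWN: input is not complete sshd -T output"
                exit 2
            }
            # Assumed: a missing usepam line means a build without PAM.
            if (pam == "") pam = "no"
            hits = 0
            if (pw == "yes") {
                print "OPEN: password (PasswordAuthentication yes)"
                hits = 1
            }
            if (kbd == "yes" && pam == "yes") {
                print "OPEN: keyboard-interactive via PAM (KbdInteractiveAuthentication yes, UsePAM yes)"
                hits = 1
            }
            if (!hits) print "CLOSED: no password-based method enabled"
            exit hits
        }'
}

# Constructed sample: the combination discussed in the bug report.
SAMPLE='passwordauthentication no
kbdinteractiveauthentication yes
usepam yes'
printf '%s\n' "$SAMPLE" | password_paths || echo "exit status $?: a password path is open or input was incomplete"
```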