From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 263045] sshd password configuration options are unclear
Date: Wed, 18 May 2022 21:22:53 +0000
List-Id: Ports bug reports
List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263045

--- Comment #11 from donaldcallen@gmail.com ---
(In reply to Marek Zarychta from comment #10)

And people commenting on bug reports should learn to read.

Ah, the old RTFM trick. Well what if the FM doesn't provide the necessary
information or is just plain wrong? "PasswordAuthentication no" in most
languages, English included means no password authentication.

As for another part of your snotty message, man 5 sshd_config says:
"
     PasswordAuthentication
             Specifies whether password authentication is allowed. See also
             UsePAM. The default is no.
"

The first sentence of that is pretty definitive, implying that this setting
determines whether password authentication is allowed. It doesn't. So let's
look at UsePAM:
"
     UsePAM  Enables the Pluggable Authentication Module interface. If set to
             yes this will enable PAM authentication using
             KbdInteractiveAuthentication and PasswordAuthentication in
             addition to PAM account and session module processing for all
             authentication types.

             Because PAM keyboard-interactive authentication usually serves
             an equivalent role to password authentication, you should
             disable either PasswordAuthentication or
             KbdInteractiveAuthentication.

             If UsePAM is enabled, you will not be able to run sshd(8) as a
             non-root user. The default is yes."

If you think this is documentation understandable by anyone other than the
person who wrote the code, then we have nothing else to talk about. We
probably don't anyway.

What I am wasting my time requesting here is a CLEAR INDICATION in the default
sshd_config as to how to enable or disable password authentication. And I
repeat -- Dragonfly gets this right. Matt and Co. have done the sensible thing
here. And I would remind you that this is a security issue.

But typically, trying to convince you people to make a small DOCUMENTATION
change is like pulling teeth. I can only imagine what it would be like if I
wanted you to change a line of code. This is a typical example of what gets me
crazy about FreeBSD, despite the systems' many virtues. It always feels like
dealing with a big, stupid committee that just can't make sensible decisions.

-- 
You are receiving this mail because:
You are the assignee for the bug.
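
The interaction between the three options quoted from sshd_config(5) above can be checked mechanically. The following is an added example, not part of the original message or of the FreeBSD or OpenSSH code: it reads text in the lowercase "keyword value" format printed by `sshd -T` and reports which password-capable paths are open. The function names and sample dumps are constructed for illustration, and it assumes keyboard-interactive only prompts for a password when PAM backs it.

```shell
#!/bin/sh
# Added example: classify sshd settings given in `sshd -T` output format.

# Print the value of keyword $1 found in the dump $2 (empty if absent).
sshd_opt() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# Prints one of: both, password, kbd-interactive-pam, none.
password_paths() {
    dump=$1
    pw=$(sshd_opt passwordauthentication "$dump")
    kbd=$(sshd_opt kbdinteractiveauthentication "$dump")
    # Older OpenSSH releases report this setting under its previous name.
    if [ -z "$kbd" ]; then
        kbd=$(sshd_opt challengeresponseauthentication "$dump")
    fi
    pam=$(sshd_opt usepam "$dump")

    direct=no
    viapam=no
    if [ "$pw" = yes ]; then direct=yes; fi
    # Assumption: keyboard-interactive asks for a password only via PAM.
    if [ "$kbd" = yes ] && [ "$pam" = yes ]; then viapam=yes; fi

    case "$direct$viapam" in
        yesyes) echo both ;;
        yesno)  echo password ;;
        noyes)  echo kbd-interactive-pam ;;
        *)      echo none ;;
    esac
}

# Constructed sample dumps (not captured from a real host).
SAMPLE_PW_OFF_ONLY='usepam yes
passwordauthentication no
kbdinteractiveauthentication yes'
SAMPLE_BOTH_OFF='usepam yes
passwordauthentication no
kbdinteractiveauthentication no'

password_paths "$SAMPLE_PW_OFF_ONLY"
password_paths "$SAMPLE_BOTH_OFF"
```

On a live host the same function can be fed the effective configuration with `password_paths "$(sshd -T)"`, run as root.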