From nobody Tue Jul 29 17:36:54 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bs2bB4RB8z63DLt; Tue, 29 Jul 2025 17:36:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bs2bB35r9z3flk; Tue, 29 Jul 2025 17:36:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1753810614; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=seJr+u78hiWsszCtV3ox9DtZhp7C3Ct9ZGYSz+lBn64=; b=FOAZxoo6JfLsxAxCJa4G4m/1fsltdX+aQZErmt1wK0N+epaF3N7HSWL1oLvLXPrqXllcq5 9zvQLqZKKtMMXSpp0NUhQj04wXqQGDBqEpPdetFLsJ37Rv/+mGxkP9WcHnqg6oxiQPbS2t WiCEvq+JfbabeNh+bANvW3JE+/6Ii3WPRg1if6C9DrFn7rwEcYmEefOVH8zbBJM7p3CdaW wQjEr2tT1BkeG4EChT4ExIM9lTzNfLnX8cF777so4FV59bUcw7nKWYr/whGj2l8cVuNPfS zh5Vd7/CtT18r1fhbJrgTyJTsIkWH09um5DX2SlcY4Wv/xvOrZLLGWXhqyGO7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1753810614; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=seJr+u78hiWsszCtV3ox9DtZhp7C3Ct9ZGYSz+lBn64=; b=PTlK7f4bP4f/HTB+9Af3LT9yBQSKjx6cDYNbR45+kNUlcPMwqxuhktYjbXy9BwM7IKf7Kv WqB5lm2QEb3puvd7ZXoy8pX9KFz0jE2CUclvqc7tF6RMRPLtqQW+eDf1QMMZns2VpXcvmH qogKCv5+Y1cPQs/olPMHvgfUtExLHriMzBMiLvKezQv6FVoy7uvb5y3JbdrK4hV+dKWutz xz994cXjKS8VjufSzPYCEjO9yEoyS271cWuLkZhBnKPCd6eZS/Vj9dwCEwJV8xbGLmaq5F +N3L/BqgypG3gYaRHDP8I4ZR3+vZ/RFA68eJI+BqRlsgQQ9mAKcQBR4N/OwX2w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1753810614; a=rsa-sha256; cv=none; b=VGeVaZ4PqRyQjIp7HskRLbvvey1WJp314wrlGHgX8mkSTfFw/ng7s+pgYNV/HtSQmC3hJ8 N2iejC/jd+n3lEUXqM3mtCOFLTRS2/QH7CUbrs2RIS1JRxJlmq5HY8SqWlt3Ho9qk69Z0h V1S2rnDTl9UrCGjqitb1SCjKMox2kXd4LQ5bMGKFJDZqdJ/q+ZS9etMCace2OKseRvS+4L BHFu0MTn5AZAOky7cDFhvrLttdhUYTEwRGgBzoCfdatgjtfJbZ4KDFPR72tuL+GjWqHqYo 6QpeSI6NPBBB4XzWPIKtM1BNBsasL1xj0wIoL9jW7aP42NS0M11rIa+X+1Jlkg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bs2bB2dNrzhkq; Tue, 29 Jul 2025 17:36:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 56THaspR081704; Tue, 29 Jul 2025 17:36:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 56THasSW081701; Tue, 29 Jul 2025 17:36:54 GMT (envelope-from git) Date: Tue, 29 Jul 2025 17:36:54 GMT Message-Id: <202507291736.56THasSW081701@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ed Maste Subject: git: 8be24d80adb4 - main - ssh: Reduce sshd_config diffs against OpenSSH 10.0p2 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8be24d80adb4ba998240c1b5e20e678852dc0a05 Auto-Submitted: auto-generated The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=8be24d80adb4ba998240c1b5e20e678852dc0a05 commit 8be24d80adb4ba998240c1b5e20e678852dc0a05 Author: Ed Maste AuthorDate: 2025-07-29 17:20:15 +0000 Commit: Ed Maste CommitDate: 2025-07-29 17:36:33 +0000 ssh: Reduce sshd_config diffs against OpenSSH 10.0p2 Upstream had a poor description for KbdInteractiveAuthentication prior to the 10.0p2 release. We use KbdInteractiveAuthentication for PAM authentication, and we replaced the poor description with a note about use by PAM. In 10.0p2 the upstream description has been fixed. Incorporate that text now as it is an improvement and avoids a conflict in the upcoming 10.0p2 import. Reviewed by: jhb Sponsored by: The FreeBSD Foundation --- crypto/openssh/sshd_config | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index a17484b1da2d..88c93386db65 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -56,12 +56,15 @@ AuthorizedKeysFile .ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes -# Change to yes to enable built-in password authentication. +# Change to "yes" to enable built-in password authentication. # Note that passwords may also be accepted via KbdInteractiveAuthentication. #PasswordAuthentication no #PermitEmptyPasswords no -# Change to no to disable PAM authentication +# Change to "no" to disable keyboard-interactive authentication. Depending on +# the system's configuration, this may involve passwords, challenge-response, +# one-time passwords or some combination of these and other methods. +# Keyboard interactive authentication is also used for PAM authentication. #KbdInteractiveAuthentication yes # Kerberos options