git: fd7db6dedda1 - stable/13 - release: Remove references to ChallengeResponseAuthentication
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 08 Mar 2022 00:26:07 UTC
The branch stable/13 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=fd7db6dedda12a4d2b6923b4766d5bf31fba8355
commit fd7db6dedda12a4d2b6923b4766d5bf31fba8355
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-03-01 13:54:55 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-03-08 00:25:58 +0000
release: Remove references to ChallengeResponseAuthentication
This sshd_config keyword was replaced by KbdInteractiveAuthentication in
openssh 8.7, though ChallengeResponseAuthentication is silently accepted
as an alias. However, this means that the code in ec2.conf which
modifies a commented-out line no longer does anything. Apply a minimal
fix.
Reviewed by: cperciva, emaste
Sponsored by: The FreeBSD Foundation
(cherry picked from commit c1b656ac55eca1fc191225bd715b31ff25be9031)
---
release/tools/ec2.conf | 5 ++---
release/tools/gce.conf | 2 +-
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf
index bb972c456fbc..c5eef404bf3b 100644
--- a/release/tools/ec2.conf
+++ b/release/tools/ec2.conf
@@ -120,10 +120,9 @@ EOF
# historical "nvd" driver.
echo 'hw.nvme.use_nvd="0"' >> ${DESTDIR}/boot/loader.conf
- # Disable ChallengeResponseAuthentication according to EC2
- # requirements.
+ # Disable KbdInteractiveAuthentication according to EC2 requirements.
sed -i '' -e \
- 's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' \
+ 's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
${DESTDIR}/etc/ssh/sshd_config
# Use FreeBSD Update and Portsnap mirrors hosted in AWS
diff --git a/release/tools/gce.conf b/release/tools/gce.conf
index 113784a7643e..903f1e073065 100644
--- a/release/tools/gce.conf
+++ b/release/tools/gce.conf
@@ -69,7 +69,7 @@ EOF
EOF
cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config
-ChallengeResponseAuthentication no
+KbdInteractiveAuthentication no
X11Forwarding no
AcceptEnv LANG
AllowAgentForwarding no