From nobody Wed Oct 19 13:01:00 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MsrSr4Rw3z4fvHQ; Wed, 19 Oct 2022 13:01:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MsrSr3fPkz3FNR; Wed, 19 Oct 2022 13:01:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1666184460; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eYNTHpRKW3bco/Q7fq7ovuNnQ+WQ4jM4173AV9QU9JI=; b=UqBwHBl2s5aUVaadXXo4i/6WgMHmgVf4/4Iq2whz/8Vp+s/36Xlnsn42JGE5mA4+bNW3Nj KfpVR4ca261Ccfkpwy0/XI1Ey1lmeQKlXBG62yOKlmxaduwiUHghyYBIbwKT+Udg86jw98 UMIY86zgjO2lLiKLf07jAK1eSyv2LETgAiGbah4eFNPvBP7TbwG2P9Bmx3Kxp3BrglfIY2 qDE/2UfeV1LPY793CnDLxEVr8OPjTEYkDAbQkJqN5FL16/hgGRI2qmX2os6WAyTJ7D3MBe 6E9FPNUmnO5ksc9A8kyyQ4QdjP2FoiZpjAofjYhKcHohireD719qGnheRyVJPw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MsrSr2jDDzXpp; Wed, 19 Oct 2022 13:01:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 29JD10tu045295; Wed, 19 Oct 2022 13:01:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 29JD10I9045294; Wed, 19 Oct 2022 13:01:00 GMT (envelope-from git) Date: Wed, 19 Oct 2022 13:01:00 GMT Message-Id: <202210191301.29JD10I9045294@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: a8925e0e578f - stable/13 - nanobsd: remove unmodified copies of ssh config files List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: a8925e0e578f355a201f81bf52161d6312826911 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1666184460; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eYNTHpRKW3bco/Q7fq7ovuNnQ+WQ4jM4173AV9QU9JI=; b=NofEDVe7M78zyC73HqrOlbDN5t1GD3AJZAdEQg+f1N+derD1bR6u/nVjPCN5zV47yd7x/p EMc41vmflVfLanCFu+98zuQDPEGs+KnNBltoCme0w0xqQd4cpQAwJ4vd0lMvWguHcwU2Jb w2BPK/7poFMMzQg2QJMjwjVOm4GFvMn96+AwoZ4FavoUEIqWf76uCj/W9Ie+SRanOZpRQm uJA+K07QoBf6Pdbi851fs9TPme/hF/doIWZ/G6qN6lrsRF4ctUYMSHP/LL9cdHsBjJVLTo Q13W9fMv2r2XNqsHjfC0p07fGh33vC9F3D41l7hz3DzlXd6OSX5bHuhIExq/9A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1666184460; a=rsa-sha256; cv=none; b=ySppzvMgNvt78bEoNzkuBXJTBoPPBN4pP/iBniSsU20lNTzd2zaOOo2auBsYCFz019ep7f 0RS+PY3JpEtEMaxbzUnZauGc77u8rtQRxNye8FawwW1MqnSUAz+5R4bh3BfamX/4pGkRHc QmNMd5x7EA26LzQM/odbUKF+W72e1SGfCM0fh35yThDqm8DHIKUqtf0YkTTOYv6dEBRA1H j2Ob8IIOYDqXKaLqjoEYotfhz3CdAvQXglWIOUUwMZxfaaBxRWtFoajq3cxI5o6brTD3ly qrEMsRNdKpOTqvWp/EEWzqCzh270gd/bCal4WVORjtrE/zyQcqrBT1IveLfB7A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=a8925e0e578f355a201f81bf52161d6312826911 commit a8925e0e578f355a201f81bf52161d6312826911 Author: Ed Maste AuthorDate: 2022-04-13 21:04:33 +0000 Commit: Ed Maste CommitDate: 2022-10-19 13:00:10 +0000 nanobsd: remove unmodified copies of ssh config files Nanobsd included copies of ssh_config and sshd_config. The former is identical to the one provided by the base system, and the latter is identical except for PermitRootLogin, which is updated by nanobsd's cust_allow_ssh_root anyhow. Remove nanobsd's copies and use the existing base system ones. Reported by: Jose Luis Duran in D34937 Reviewed by: Jose Luis Duran , imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36933 (cherry picked from commit 42942998437d9304110e39b04552853729aa498e) (cherry picked from commit 6e6c45e66f68e68b451a27430f51a687e00bad15) (cherry picked from commit a1e39f96d244fe30a3277c9cefbfd23e046cf845) --- crypto/openssh/FREEBSD-upgrade | 9 +- .../tools/nanobsd/rescue/Files/etc/ssh/ssh_config | 49 --------- .../tools/nanobsd/rescue/Files/etc/ssh/sshd_config | 121 --------------------- 3 files changed, 2 insertions(+), 177 deletions(-) diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 82e1234a7bab..3045cc3263b6 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -103,16 +103,11 @@ something significant changes or if ssh_namespace.h is out of whack. -12) Update nanobsd's copies of the ssh config files: - - tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config - tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config - -13) Check for references to obsolete configuration options +12) Check for references to obsolete configuration options (e.g., ChallengeResponseAuthentication in sshd_config) which may exist in release/ scripts. -14) Commit, and hunker down for the inevitable storm of complaints. +13) Commit, and hunker down for the inevitable storm of complaints. diff --git a/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config b/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config deleted file mode 100644 index 3b2ca9aa6d8d..000000000000 --- a/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config +++ /dev/null @@ -1,49 +0,0 @@ -# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ -# $FreeBSD$ - -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. - -# Host * -# ForwardAgent no -# ForwardX11 no -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# BatchMode no -# CheckHostIP no -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# IdentityFile ~/.ssh/id_ecdsa -# IdentityFile ~/.ssh/id_ed25519 -# Port 22 -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no -# VisualHostKey no -# ProxyCommand ssh -q -W %h:%p gateway.example.com -# RekeyLimit 1G 1h -# UserKnownHostsFile ~/.ssh/known_hosts.d/%k -# VerifyHostKeyDNS yes -# VersionAddendum FreeBSD-20211221 diff --git a/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config b/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config deleted file mode 100644 index 81ff5a66d22c..000000000000 --- a/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config +++ /dev/null @@ -1,121 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ -# $FreeBSD$ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -# Note that some of FreeBSD's defaults differ from OpenBSD's, and -# FreeBSD has a few additional options. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# Change to yes to enable built-in password authentication. -#PasswordAuthentication no -#PermitEmptyPasswords no - -# Change to no to disable PAM authentication -#KbdInteractiveAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'no' to disable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -#UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#UseBlacklist no -#VersionAddendum FreeBSD-20211221 - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server