git: 48128454f0c4 - stable/12 - nanobsd: remove unmodified copies of ssh config files
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 19 Oct 2022 13:01:32 UTC
The branch stable/12 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=48128454f0c4e27b5b586b988ff916644f02a8b2 commit 48128454f0c4e27b5b586b988ff916644f02a8b2 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2022-04-13 21:04:33 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-10-19 13:01:22 +0000 nanobsd: remove unmodified copies of ssh config files Nanobsd included copies of ssh_config and sshd_config. The former is identical to the one provided by the base system, and the latter is identical except for PermitRootLogin, which is updated by nanobsd's cust_allow_ssh_root anyhow. Remove nanobsd's copies and use the existing base system ones. Reported by: Jose Luis Duran <jlduran@gmail.com> in D34937 Reviewed by: Jose Luis Duran <jlduran@gmail.com>, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36933 (cherry picked from commit 42942998437d9304110e39b04552853729aa498e) (cherry picked from commit 6e6c45e66f68e68b451a27430f51a687e00bad15) (cherry picked from commit a1e39f96d244fe30a3277c9cefbfd23e046cf845) (cherry picked from commit a8925e0e578f355a201f81bf52161d6312826911) --- crypto/openssh/FREEBSD-upgrade | 9 +- .../tools/nanobsd/rescue/Files/etc/ssh/ssh_config | 49 --------- .../tools/nanobsd/rescue/Files/etc/ssh/sshd_config | 121 --------------------- 3 files changed, 2 insertions(+), 177 deletions(-) diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 3ec063a5923d..50ef62d3fec6 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -103,16 +103,11 @@ something significant changes or if ssh_namespace.h is out of whack. -12) Update nanobsd's copies of the ssh config files: - - tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config - tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config - -13) Check for references to obsolete configuration options +12) Check for references to obsolete configuration options (e.g., ChallengeResponseAuthentication in sshd_config) which may exist in release/ scripts. -14) Commit, and hunker down for the inevitable storm of complaints. +13) Commit, and hunker down for the inevitable storm of complaints. diff --git a/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config b/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config deleted file mode 100644 index 3b2ca9aa6d8d..000000000000 --- a/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config +++ /dev/null @@ -1,49 +0,0 @@ -# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ -# $FreeBSD$ - -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. - -# Host * -# ForwardAgent no -# ForwardX11 no -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# BatchMode no -# CheckHostIP no -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# IdentityFile ~/.ssh/id_ecdsa -# IdentityFile ~/.ssh/id_ed25519 -# Port 22 -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no -# VisualHostKey no -# ProxyCommand ssh -q -W %h:%p gateway.example.com -# RekeyLimit 1G 1h -# UserKnownHostsFile ~/.ssh/known_hosts.d/%k -# VerifyHostKeyDNS yes -# VersionAddendum FreeBSD-20211221 diff --git a/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config b/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config deleted file mode 100644 index 81ff5a66d22c..000000000000 --- a/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config +++ /dev/null @@ -1,121 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ -# $FreeBSD$ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -# Note that some of FreeBSD's defaults differ from OpenBSD's, and -# FreeBSD has a few additional options. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# Change to yes to enable built-in password authentication. -#PasswordAuthentication no -#PermitEmptyPasswords no - -# Change to no to disable PAM authentication -#KbdInteractiveAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'no' to disable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -#UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#UseBlacklist no -#VersionAddendum FreeBSD-20211221 - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server