[Bug 263045] sshd allows password logins when "PasswordAuthentication no" is set
Date: Mon, 04 Apr 2022 21:51:31 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263045 --- Comment #2 from donaldcallen@gmail.com --- Running 13.1 RC1. I saw the same thing with the 13 release. sshd_config says the default is no password authentication, but you can ssh/scp in with a password, running the stock sshd_config. I'm confused by your statement 'Setting "KbdInteractiveAuthentication no" disables password authentication completely in all these branches.'. That statement is true, but "PasswordAuthentication no" should be sufficient to disable password authentication (that's what it says!!) and that's not the case with 13 release or 13.1 RC1. But it is the case with DragonFlyBSD 6.2.1. DragonFly's default setup: # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords #KbdInteractiveAuthentication yes does NOT allow password logins. -- You are receiving this mail because: You are the assignee for the bug.