svn commit: r372676 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Mon Nov 17 18:08:17 UTC 2014
Author: bdrewery
Date: Mon Nov 17 18:08:14 2014
New Revision: 372676
URL: https://svnweb.freebsd.org/changeset/ports/372676
QAT: https://qat.redports.org/buildarchive/r372676/
Log:
- Update to 6.7p1.
Several patches do not currently apply. Use security/openssh-portable66 for:
HPN, NONECIPHER, KERB_GSSAPI, X509.
- Add a TCP_WRAPPER patch to re-enable support after it was removed upstream.
Added:
head/security/openssh-portable/files/extra-patch-tcpwrappers (contents, props changed)
Deleted:
head/security/openssh-portable/files/extra-patch-openssh661
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/distinfo
head/security/openssh-portable/files/patch-readconf.c
head/security/openssh-portable/files/patch-ssh-agent.c
head/security/openssh-portable/files/patch-sshd_config.5
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Mon Nov 17 17:51:51 2014 (r372675)
+++ head/security/openssh-portable/Makefile Mon Nov 17 18:08:14 2014 (r372676)
@@ -2,8 +2,8 @@
# $FreeBSD$
PORTNAME= openssh
-DISTVERSION= 6.6p1
-PORTREVISION= 4
+DISTVERSION= 6.7p1
+PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= ${MASTER_SITE_OPENBSD}
@@ -33,33 +33,31 @@ ETCOLD= ${PREFIX}/etc
SUDO?= # empty
MAKE_ENV+= SUDO="${SUDO}"
-# https://github.com/openssh/openssh-portable/commit/5618210618256bbf5f4f71b2887ff186fd451736.patch
-EXTRA_PATCHES+= ${FILESDIR}/extra-patch-openssh661
-
OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \
- HPN LPK X509 KERB_GSSAPI \
+ HPN X509 KERB_GSSAPI \
OVERWRITE_BASE SCTP AES_THREADED LDNS NONECIPHER
-OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS HPN LDNS NONECIPHER
+OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
TCP_WRAPPERS_DESC= tcp_wrappers support
BSM_DESC= OpenBSM Auditing
-KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI)
-HPN_DESC= HPN-SSH patch
-LPK_DESC= LDAP Public Key (LPK) [OBSOLETE]
+KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI) [BROKEN]
+HPN_DESC= HPN-SSH patch [BROKEN]
LDNS_DESC= SSHFP/LDNS support
-X509_DESC= x509 certificate patch
+X509_DESC= x509 certificate patch [BROKEN]
SCTP_DESC= SCTP support
OVERWRITE_BASE_DESC= OpenSSH overwrite base
HEIMDAL_DESC= Heimdal Kerberos (security/heimdal)
HEIMDAL_BASE_DESC= Heimdal Kerberos (base)
MIT_DESC= MIT Kerberos (security/krb5)
-AES_THREADED_DESC= Threaded AES-CTR
-NONECIPHER_DESC= NONE Cipher support
+AES_THREADED_DESC= Threaded AES-CTR [BROKEN]
+NONECIPHER_DESC= NONE Cipher support [BROKEN]
OPTIONS_SUB= yes
PLIST_SUB+= MANPREFIX=${MANPREFIX}
+TCP_WRAPPERS_EXTRA_PATCHES=${FILESDIR}/extra-patch-tcpwrappers
+
LDNS_CONFIGURE_WITH= ldns
LDNS_LIB_DEPENDS= libldns.so:${PORTSDIR}/dns/ldns
LDNS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ldns
@@ -72,24 +70,13 @@ HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
AES_THREADED_CONFIGURE_WITH= aes-threaded
-# See http://code.google.com/p/openssh-lpk/wiki/Main
-# and svn repo described here:
-# http://code.google.com/p/openssh-lpk/source/checkout
-# LPK is now OBSOLETE with 6.2: https://code.google.com/p/openssh-lpk/issues/detail?id=15#c1
-LPK_PATCHFILES= ${PORTNAME}-lpk-6.3p1.patch.gz
-LPK_CPPFLAGS= -I${LOCALBASE}/include
-LPK_CONFIGURE_ON= --with-ldap=yes \
- --with-ldflags='-L${LOCALBASE}/lib' \
- --with-cppflags='${CPPFLAGS}'
-LPK_USE= OPENLDAP=yes
-
# See http://www.roumenpetrov.info/openssh/
X509_VERSION= 7.9
X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
X509_PATCHFILES= ${PORTNAME}-6.6p1+x509-${X509_VERSION}.diff.gz:-p1:x509
# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
-SCTP_PATCHFILES= ${PORTNAME}-6.6p1-sctp-2329.patch.gz
+SCTP_PATCHFILES= ${PORTNAME}-6.7p1-sctp-2496.patch.gz:-p1
SCTP_CONFIGURE_WITH= sctp
# 6.6 patch taken from http://www.stacken.kth.se/~haba/ which was originally
@@ -137,6 +124,16 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch
.endif
.if ${PORT_OPTIONS:MX509}
+BROKEN= X509 does not apply yet. Use security/openssh-portable66
+.endif
+.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MAES_THREADED} || ${PORT_OPTIONS:MNONECIPHER}
+BROKEN= HPN does not apply yet. Use security/openssh-portable66
+.endif
+.if ${PORT_OPTIONS:MKERB_GSSAPI}
+BROKEN= KERB_GSSAPI does not apply yet. Use security/openssh-portable66
+.endif
+
+.if ${PORT_OPTIONS:MX509}
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MAES_THREADED} || ${PORT_OPTIONS:MNONECIPHER}
BROKEN= X509 patch and HPN patch do not apply cleanly together
. endif
@@ -145,10 +142,6 @@ BROKEN= X509 patch and HPN patch do not
BROKEN= X509 patch and SCTP patch do not apply cleanly together
. endif
-. if ${PORT_OPTIONS:MLPK}
-BROKEN= X509 patch and LPK patch do not apply cleanly together
-. endif
-
. if ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= X509 patch incompatible with KERB_GSSAPI patch
. endif
@@ -196,10 +189,6 @@ IGNORE= KERB_GSSAPI requires one of MIT
CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
.endif
-.if ${PORT_OPTIONS:MLPK}
-CONFIGURE_LIBS+= -lldap
-.endif
-
EMPTYDIR= /var/empty
.if ${PORT_OPTIONS:MOVERWRITE_BASE}
Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo Mon Nov 17 17:51:51 2014 (r372675)
+++ head/security/openssh-portable/distinfo Mon Nov 17 18:08:14 2014 (r372676)
@@ -1,5 +1,5 @@
-SHA256 (openssh-6.6p1.tar.gz) = 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb
-SIZE (openssh-6.6p1.tar.gz) = 1282502
+SHA256 (openssh-6.7p1.tar.gz) = b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507
+SIZE (openssh-6.7p1.tar.gz) = 1351367
SHA256 (openssh-6.6.1p1-hpnssh14v2.diff.gz) = b7f5bd22f1c0bacd41fc4884aeb19bba460d548af875eeb6c857cb77bab53376
SIZE (openssh-6.6.1p1-hpnssh14v2.diff.gz) = 24473
SHA256 (openssh-6.6p1+x509-7.9.diff.gz) = 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34
@@ -8,5 +8,5 @@ SHA256 (openssh-6.6p1-gsskex-all-2014031
SIZE (openssh-6.6p1-gsskex-all-20140318.patch.gz) = 24299
SHA256 (openssh-lpk-6.3p1.patch.gz) = d2a8b7da7acebac2afc4d0a3dffe8fca2e49900cf733af2e7012f2449b3668e1
SIZE (openssh-lpk-6.3p1.patch.gz) = 17815
-SHA256 (openssh-6.6p1-sctp-2329.patch.gz) = e054529810815d63f7de5d1c6cc76fccb7766e1b2d1b62438ca83770afac9bfa
-SIZE (openssh-6.6p1-sctp-2329.patch.gz) = 8695
+SHA256 (openssh-6.7p1-sctp-2496.patch.gz) = ec2b6aa8a6d65a2c11d4453a25294ae5082e7ed7c9f418ec081f750bfba022db
+SIZE (openssh-6.7p1-sctp-2496.patch.gz) = 8052
Added: head/security/openssh-portable/files/extra-patch-tcpwrappers
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openssh-portable/files/extra-patch-tcpwrappers Mon Nov 17 18:08:14 2014 (r372676)
@@ -0,0 +1,179 @@
+Revert TCPWRAPPER removal -bdrewery
+$FreeBSD$
+
+commit f2719b7c2b8a3b14d778d8a6d8dc729b5174b054
+Author: Damien Miller <djm at mindrot.org>
+Date: Sun Apr 20 13:22:18 2014 +1000
+
+ - tedu at cvs.openbsd.org 2014/03/26 19:58:37
+ [sshd.8 sshd.c]
+ remove libwrap support. ok deraadt djm mfriedl
+
+diff --git sshd.8 sshd.8
+index 289e13d..e6a900b 100644
+--- sshd.8
++++ sshd.8
+@@ -851,6 +851,12 @@ the user's home directory becomes accessible.
+ This file should be writable only by the user, and need not be
+ readable by anyone else.
+ .Pp
++.It Pa /etc/hosts.allow
++.It Pa /etc/hosts.deny
++Access controls that should be enforced by tcp-wrappers are defined here.
++Further details are described in
++.Xr hosts_access 5 .
++.Pp
+ .It Pa /etc/hosts.equiv
+ This file is for host-based authentication (see
+ .Xr ssh 1 ) .
+@@ -954,6 +960,7 @@ The content of this file is not sensitive; it can be world-readable.
+ .Xr ssh-keygen 1 ,
+ .Xr ssh-keyscan 1 ,
+ .Xr chroot 2 ,
++.Xr hosts_access 5 ,
+ .Xr login.conf 5 ,
+ .Xr moduli 5 ,
+ .Xr sshd_config 5 ,
+diff --git sshd.c sshd.c
+index 0ade557..045f149 100644
+--- sshd.c
++++ sshd.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */
++/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */
+ /*
+ * Author: Tatu Ylonen <ylo at cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
+@@ -122,6 +122,13 @@
+ #include "ssh-sandbox.h"
+ #include "version.h"
+
++#ifdef LIBWRAP
++#include <tcpd.h>
++#include <syslog.h>
++int allow_severity;
++int deny_severity;
++#endif /* LIBWRAP */
++
+ #ifndef O_NOCTTY
+ #define O_NOCTTY 0
+ #endif
+@@ -2027,6 +2034,24 @@ main(int ac, char **av)
+ #ifdef SSH_AUDIT_EVENTS
+ audit_connection_from(remote_ip, remote_port);
+ #endif
++#ifdef LIBWRAP
++ allow_severity = options.log_facility|LOG_INFO;
++ deny_severity = options.log_facility|LOG_WARNING;
++ /* Check whether logins are denied from this host. */
++ if (packet_connection_is_on_socket()) {
++ struct request_info req;
++
++ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
++ fromhost(&req);
++
++ if (!hosts_access(&req)) {
++ debug("Connection refused by tcp wrapper");
++ refuse(&req);
++ /* NOTREACHED */
++ fatal("libwrap refuse returns");
++ }
++ }
++#endif /* LIBWRAP */
+
+ /* Log the connection. */
+ verbose("Connection from %s port %d on %s port %d",
+commit f9696566fb41320820f3b257ab564fa321bb3751
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Fri Jun 13 11:06:04 2014 +1000
+
+ - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
+ been removed from sshd.c.
+
+diff --git ChangeLog ChangeLog
+index f4c6ea6..1c043ae 100644
+--- ChangeLog
++++ ChangeLog
+@@ -1,7 +1,3 @@
+-20140612
+- - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
+- been removed from sshd.c.
+-
+ 20140611
+ - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from
+ openbsd-compat/bsd-asprintf.c.
+diff --git configure.ac configure.ac
+index f48ba4a..66fbe82 100644
+--- configure.ac
++++ configure.ac
+@@ -1380,6 +1380,62 @@ AC_ARG_WITH([skey],
+ ]
+ )
+
++# Check whether user wants TCP wrappers support
++TCPW_MSG="no"
++AC_ARG_WITH([tcp-wrappers],
++ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
++ [
++ if test "x$withval" != "xno" ; then
++ saved_LIBS="$LIBS"
++ saved_LDFLAGS="$LDFLAGS"
++ saved_CPPFLAGS="$CPPFLAGS"
++ if test -n "${withval}" && \
++ test "x${withval}" != "xyes"; then
++ if test -d "${withval}/lib"; then
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
++ fi
++ else
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval} ${LDFLAGS}"
++ fi
++ fi
++ if test -d "${withval}/include"; then
++ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
++ else
++ CPPFLAGS="-I${withval} ${CPPFLAGS}"
++ fi
++ fi
++ LIBS="-lwrap $LIBS"
++ AC_MSG_CHECKING([for libwrap])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <tcpd.h>
++int deny_severity = 0, allow_severity = 0;
++ ]], [[
++ hosts_access(0);
++ ]])], [
++ AC_MSG_RESULT([yes])
++ AC_DEFINE([LIBWRAP], [1],
++ [Define if you want
++ TCP Wrappers support])
++ SSHDLIBS="$SSHDLIBS -lwrap"
++ TCPW_MSG="yes"
++ ], [
++ AC_MSG_ERROR([*** libwrap missing])
++
++ ])
++ LIBS="$saved_LIBS"
++ fi
++ ]
++)
++
+ # Check whether user wants to use ldns
+ LDNS_MSG="no"
+ AC_ARG_WITH(ldns,
+@@ -4803,6 +4859,7 @@ echo " KerberosV support: $KRB5_MSG"
+ echo " SELinux support: $SELINUX_MSG"
+ echo " Smartcard support: $SCARD_MSG"
+ echo " S/KEY support: $SKEY_MSG"
++echo " TCP Wrappers support: $TCPW_MSG"
+ echo " MD5 password support: $MD5_MSG"
+ echo " libedit support: $LIBEDIT_MSG"
+ echo " Solaris process contract support: $SPC_MSG"
Modified: head/security/openssh-portable/files/patch-readconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-readconf.c Mon Nov 17 17:51:51 2014 (r372675)
+++ head/security/openssh-portable/files/patch-readconf.c Mon Nov 17 18:08:14 2014 (r372676)
@@ -18,22 +18,21 @@ Submitted upstream, no reaction.
Submitted by: delphij@
-
---- readconf.c.orig 2013-10-03 06:56:21.649139613 -0500
-+++ readconf.c 2013-10-03 06:56:50.961467272 -0500
+--- readconf.c.orig 2014-07-17 23:11:26.000000000 -0500
++++ readconf.c 2014-11-03 16:45:05.188796445 -0600
@@ -17,6 +17,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
+#include <sys/sysctl.h>
#include <sys/wait.h>
+ #include <sys/un.h>
- #include <netinet/in.h>
-@@ -282,7 +283,19 @@
- Forward *fwd;
+@@ -281,7 +282,19 @@ add_local_forward(Options *options, cons
+ struct Forward *fwd;
#ifndef NO_IPPORT_RESERVED_CONCEPT
extern uid_t original_real_uid;
-- if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
+- if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
+ int ipport_reserved;
+#ifdef __FreeBSD__
+ size_t len_ipport_reserved = sizeof(ipport_reserved);
@@ -46,11 +45,11 @@ Submitted by: delphij@
+#else
+ ipport_reserved = IPPORT_RESERVED;
+#endif
-+ if (newfwd->listen_port < ipport_reserved && original_real_uid != 0)
++ if (newfwd->listen_port < ipport_reserved && original_real_uid != 0 &&
+ newfwd->listen_path == NULL)
fatal("Privileged ports can only be forwarded by root.");
#endif
- options->local_forwards = xrealloc(options->local_forwards,
-@@ -1607,7 +1620,7 @@
+@@ -1674,7 +1687,7 @@ fill_default_options(Options * options)
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
Modified: head/security/openssh-portable/files/patch-ssh-agent.c
==============================================================================
--- head/security/openssh-portable/files/patch-ssh-agent.c Mon Nov 17 17:51:51 2014 (r372675)
+++ head/security/openssh-portable/files/patch-ssh-agent.c Mon Nov 17 18:08:14 2014 (r372676)
@@ -7,11 +7,11 @@ r226103 | des | 2011-10-07 08:10:16 -050
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
---- ssh-agent.c.orig 2011-06-02 23:14:16.000000000 -0500
-+++ ssh-agent.c 2013-05-09 15:59:14.044627857 -0500
-@@ -137,15 +137,34 @@
- /* Default lifetime (0 == forever) */
- static int lifetime = 0;
+--- ssh-agent.c.orig 2014-07-29 21:32:46.000000000 -0500
++++ ssh-agent.c 2014-11-03 16:48:03.930786112 -0600
+@@ -142,15 +142,34 @@ extern char *__progname;
+ /* Default lifetime in seconds (0 == forever) */
+ static long lifetime = 0;
+/*
+ * Client connection count; incremented in new_socket() and decremented in
@@ -44,7 +44,7 @@ disconnected.
}
static void
-@@ -900,6 +919,10 @@
+@@ -810,6 +829,10 @@ new_socket(sock_type type, int fd)
{
u_int i, old_alloc, new_alloc;
@@ -55,15 +55,16 @@ disconnected.
set_nonblock(fd);
if (fd > max_fd)
-@@ -1120,6 +1143,7 @@
- fprintf(stderr, " -d Debug mode.\n");
- fprintf(stderr, " -a socket Bind agent socket to given name.\n");
- fprintf(stderr, " -t life Default identity lifetime (seconds).\n");
-+ fprintf(stderr, " -x Exit when the last client disconnects.\n");
+@@ -1026,7 +1049,7 @@ usage(void)
+ {
+ fprintf(stderr,
+ "usage: ssh-agent [-c | -s] [-d] [-a bind_address] [-t life]\n"
+- " [command [arg ...]]\n"
++ " [-x] [command [arg ...]]\n"
+ " ssh-agent [-c | -s] -k\n");
exit(1);
}
-
-@@ -1149,6 +1173,7 @@
+@@ -1056,6 +1079,7 @@ main(int ac, char **av)
/* drop */
setegid(getgid());
setgid(getgid());
@@ -71,7 +72,7 @@ disconnected.
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/* Disable ptrace on Linux without sgid bit */
-@@ -1160,7 +1185,7 @@
+@@ -1069,7 +1093,7 @@ main(int ac, char **av)
__progname = ssh_get_progname(av[0]);
seed_rng();
@@ -80,7 +81,7 @@ disconnected.
switch (ch) {
case 'c':
if (s_flag)
-@@ -1189,6 +1214,9 @@
+@@ -1098,6 +1122,9 @@ main(int ac, char **av)
usage();
}
break;
Modified: head/security/openssh-portable/files/patch-sshd_config.5
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config.5 Mon Nov 17 17:51:51 2014 (r372675)
+++ head/security/openssh-portable/files/patch-sshd_config.5 Mon Nov 17 18:08:14 2014 (r372676)
@@ -1,9 +1,9 @@
---- sshd_config.5.orig 2013-02-11 18:02:09.000000000 -0600
-+++ sshd_config.5 2013-05-13 06:49:28.164628328 -0500
-@@ -277,7 +277,9 @@
+--- sshd_config.5.orig 2014-10-02 18:24:57.000000000 -0500
++++ sshd_config.5 2014-11-03 16:49:35.943778119 -0600
+@@ -304,7 +304,9 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
- PAM or though authentication styles supported in
+ PAM or through authentication styles supported in
-.Xr login.conf 5 )
+.Xr login.conf 5 ) .
+See also
@@ -11,7 +11,7 @@
The default is
.Dq yes .
.It Cm ChrootDirectory
-@@ -555,7 +557,7 @@
+@@ -615,7 +617,7 @@
.Pp
.Pa /etc/hosts.equiv
and
@@ -20,7 +20,7 @@
are still used.
The default is
.Dq yes .
-@@ -841,7 +843,22 @@
+@@ -977,7 +979,22 @@
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
@@ -43,7 +43,7 @@
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
-@@ -887,7 +904,14 @@
+@@ -1023,7 +1040,14 @@
or
.Dq no .
The default is
@@ -59,8 +59,8 @@
.Pp
If this option is set to
.Dq without-password ,
-@@ -1006,7 +1030,9 @@
- section in
+@@ -1178,7 +1202,9 @@
+ For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
.It Cm RhostsRSAAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
@@ -70,7 +70,7 @@
with successful RSA host authentication is allowed.
The default is
.Dq no .
-@@ -1146,7 +1172,7 @@
+@@ -1343,7 +1369,7 @@
.Xr sshd 8
as a non-root user.
The default is
@@ -79,7 +79,7 @@
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
-@@ -1182,7 +1208,7 @@
+@@ -1379,7 +1405,7 @@
or
.Dq no .
The default is
More information about the svn-ports-head
mailing list