svn commit: r294464 - in head: crypto/openssh crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/regress crypto/openssh/regress/unittests crypto/...

Bryan Drewery bdrewery at FreeBSD.org
Mon Feb 1 20:29:53 UTC 2016 

On 1/20/2016 2:57 PM, Dag-Erling Smørgrav wrote:
> Author: des
> Date: Wed Jan 20 22:57:10 2016
> New Revision: 294464
> URL: https://svnweb.freebsd.org/changeset/base/294464
> 
> Log:
>   Upgrade to OpenSSH 7.0p1.
...
> Index: crypto/openssh/sshd_config
> ===================================================================
> --- crypto/openssh/sshd_config  (revision 294463)
> +++ crypto/openssh/sshd_config  (revision 294464)
> @@ -1,4 +1,4 @@
> -#      $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
> +#      $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
>  #      $FreeBSD$
> 
>  # This is the sshd server system-wide configuration file.  See
> @@ -45,7 +45,7 @@
>  # Authentication:
> 
>  #LoginGraceTime 2m
> -#PermitRootLogin no
> +#PermitRootLogin prohibit-password
>  #StrictModes yes
>  #MaxAuthTries 6
>  #MaxSessions 10

Shouldn't the comments note the default? The default here is still 'no'.
 Upstream 7.1p2 does use PERMIT_NO_PASSWD rather than PERMIT_NO that we
have.  I think we should make this change:

> Index: crypto/openssh/servconf.c
> ===================================================================
> --- crypto/openssh/servconf.c   (revision 294275)
> +++ crypto/openssh/servconf.c   (working copy)
> @@ -202,7 +202,7 @@
>         if (options->key_regeneration_time == -1)
>                 options->key_regeneration_time = 3600;
>         if (options->permit_root_login == PERMIT_NOT_SET)
> -               options->permit_root_login = PERMIT_NO;
> +               options->permit_root_login = PERMIT_NO_PASSWD;
>         if (options->ignore_rhosts == -1)
>                 options->ignore_rhosts = 1;
>         if (options->ignore_user_known_hosts == -1)


-- 
Regards,
Bryan Drewery

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20160201/9f5a0542/attachment.sig>

More information about the svn-src-all mailing list