Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssh/dist Sync with OpenSSH 8.2p1 sam...
details: https://anonhg.NetBSD.org/src/rev/336bffd75a31
branches: trunk
changeset: 969775:336bffd75a31
user: kim <kim%NetBSD.org@localhost>
date: Sun Mar 01 08:21:38 2020 +0000
description:
Sync with OpenSSH 8.2p1 sample configs
- Add GSSAPIAuthentication and related options
- Add KerberosAuthentication and related options
- Bring in the lengthy but useful comment block about
the side-effect of UsePAM with regards to PermitRootLogin.
diffstat:
crypto/external/bsd/openssh/dist/ssh_config | 4 +++-
crypto/external/bsd/openssh/dist/sshd_config | 24 ++++++++++++++++++++++--
2 files changed, 25 insertions(+), 3 deletions(-)
diffs (63 lines):
diff -r c35377b00ac2 -r 336bffd75a31 crypto/external/bsd/openssh/dist/ssh_config
--- a/crypto/external/bsd/openssh/dist/ssh_config Sun Mar 01 07:42:07 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/ssh_config Sun Mar 01 08:21:38 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $
+# $NetBSD: ssh_config,v 1.14 2020/03/01 08:21:38 kim Exp $
# $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
# This is the ssh client system-wide configuration file. See
@@ -27,6 +27,8 @@
# ForwardX11 no
# PasswordAuthentication yes
# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
diff -r c35377b00ac2 -r 336bffd75a31 crypto/external/bsd/openssh/dist/sshd_config
--- a/crypto/external/bsd/openssh/dist/sshd_config Sun Mar 01 07:42:07 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/sshd_config Sun Mar 01 08:21:38 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $
+# $NetBSD: sshd_config,v 1.25 2020/03/01 08:21:38 kim Exp $
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
@@ -60,6 +60,27 @@
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
@@ -72,7 +93,6 @@
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
-UsePAM yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
Home |
Main Index |
Thread Index |
Old Index