[src/trunk]: src/crypto/external/bsd/openssh/dist Sync with OpenSSH 8.2p1 sam...

[kim <kim%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/281222405a93
branches:  trunk
changeset: 1007810:281222405a93
user:      kim <kim%NetBSD.org@localhost>
date:      Sun Mar 01 08:21:38 2020 +0000

description:
Sync with OpenSSH 8.2p1 sample configs

- Add GSSAPIAuthentication and related options
- Add KerberosAuthentication and related options
- Bring in the lengthy but useful comment block about
  the side-effect of UsePAM with regards to PermitRootLogin.

diffstat:

 crypto/external/bsd/openssh/dist/ssh_config  |   4 +++-
 crypto/external/bsd/openssh/dist/sshd_config |  24 ++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)

diffs (63 lines):

diff -r 25b597faf761 -r 281222405a93 crypto/external/bsd/openssh/dist/ssh_config
--- a/crypto/external/bsd/openssh/dist/ssh_config       Sun Mar 01 07:42:07 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/ssh_config       Sun Mar 01 08:21:38 2020 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $
+#      $NetBSD: ssh_config,v 1.14 2020/03/01 08:21:38 kim Exp $
 #      $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
@@ -27,6 +27,8 @@
 #   ForwardX11 no
 #   PasswordAuthentication yes
 #   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
 #   BatchMode no
 #   CheckHostIP yes
 #   AddressFamily any
diff -r 25b597faf761 -r 281222405a93 crypto/external/bsd/openssh/dist/sshd_config
--- a/crypto/external/bsd/openssh/dist/sshd_config      Sun Mar 01 07:42:07 2020 +0000
+++ b/crypto/external/bsd/openssh/dist/sshd_config      Sun Mar 01 08:21:38 2020 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $
+#      $NetBSD: sshd_config,v 1.25 2020/03/01 08:21:38 kim Exp $
 #      $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -60,6 +60,27 @@
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
 
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
@@ -72,7 +93,6 @@
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
-UsePAM yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0