dist

Kimmo Suominen Sun, 01 Mar 2020 00:22:45 -0800

Module Name:    src
Committed By:   kim
Date:           Sun Mar  1 08:21:38 UTC 2020


Modified Files:
        src/crypto/external/bsd/openssh/dist: ssh_config sshd_config

Log Message:
Sync with OpenSSH 8.2p1 sample configs

- Add GSSAPIAuthentication and related options
- Add KerberosAuthentication and related options
- Bring in the lengthy but useful comment block about
  the side-effect of UsePAM with regards to PermitRootLogin.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh_config
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh_config
diff -u src/crypto/external/bsd/openssh/dist/ssh_config:1.13 src/crypto/external/bsd/openssh/dist/ssh_config:1.14
--- src/crypto/external/bsd/openssh/dist/ssh_config:1.13	Fri Feb 28 10:41:48 2020
+++ src/crypto/external/bsd/openssh/dist/ssh_config	Sun Mar  1 08:21:38 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $
+#	$NetBSD: ssh_config,v 1.14 2020/03/01 08:21:38 kim Exp $
 #	$OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
@@ -27,6 +27,8 @@ Host *.netbsd.org *.NetBSD.org
 #   ForwardX11 no
 #   PasswordAuthentication yes
 #   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
 #   BatchMode no
 #   CheckHostIP yes
 #   AddressFamily any

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.24 src/crypto/external/bsd/openssh/dist/sshd_config:1.25
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.24	Fri Feb 28 10:59:58 2020
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Sun Mar  1 08:21:38 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $
+#	$NetBSD: sshd_config,v 1.25 2020/03/01 08:21:38 kim Exp $
 #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -60,6 +60,27 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
 
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
@@ -72,7 +93,6 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
-UsePAM yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

CVS commit: src/crypto/external/bsd/openssh/dist

Reply via email to