The branch main has been updated by emaste:
URL:
https://cgit.FreeBSD.org/src/commit/?id=8be24d80adb4ba998240c1b5e20e678852dc0a05
commit 8be24d80adb4ba998240c1b5e20e678852dc0a05
Author: Ed Maste <ema...@freebsd.org>
AuthorDate: 2025-07-29 17:20:15 +0000
Commit: Ed Maste <ema...@freebsd.org>
CommitDate: 2025-07-29 17:36:33 +0000
ssh: Reduce sshd_config diffs against OpenSSH 10.0p2
Upstream had a poor description for KbdInteractiveAuthentication prior
to the 10.0p2 release. We use KbdInteractiveAuthentication for PAM
authentication, and we replaced the poor description with a note about
use by PAM.
In 10.0p2 the upstream description has been fixed. Incorporate that
text now as it is an improvement and avoids a conflict in the upcoming
10.0p2 import.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
---
crypto/openssh/sshd_config | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index a17484b1da2d..88c93386db65 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -56,12 +56,15 @@ AuthorizedKeysFile .ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
-# Change to yes to enable built-in password authentication.
+# Change to "yes" to enable built-in password authentication.
# Note that passwords may also be accepted via KbdInteractiveAuthentication.
#PasswordAuthentication no
#PermitEmptyPasswords no
-# Change to no to disable PAM authentication
+# Change to "no" to disable keyboard-interactive authentication. Depending on
+# the system's configuration, this may involve passwords, challenge-response,
+# one-time passwords or some combination of these and other methods.
+# Keyboard interactive authentication is also used for PAM authentication.
#KbdInteractiveAuthentication yes
# Kerberos options
