On 1/20/2016 2:57 PM, Dag-Erling Smørgrav wrote: > Author: des > Date: Wed Jan 20 22:57:10 2016 > New Revision: 294464 > URL: https://svnweb.freebsd.org/changeset/base/294464 > > Log: > Upgrade to OpenSSH 7.0p1. ... > Index: crypto/openssh/sshd_config > =================================================================== > --- crypto/openssh/sshd_config (revision 294463) > +++ crypto/openssh/sshd_config (revision 294464) > @@ -1,4 +1,4 @@ > -# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $ > +# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ > # $FreeBSD$ > > # This is the sshd server system-wide configuration file. See > @@ -45,7 +45,7 @@ > # Authentication: > > #LoginGraceTime 2m > -#PermitRootLogin no > +#PermitRootLogin prohibit-password > #StrictModes yes > #MaxAuthTries 6 > #MaxSessions 10
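Review bot: in the second sshd_config hunk, the commented line `#PermitRootLogin prohibit-password` advertises a value that differs from the fallback shown in the servconf.c context quoted in the reply, where an unset option still becomes `PERMIT_NO`. Commented entries in this file are read as the built-in defaults, so an administrator who leaves the line commented would expect key-based root login to work when it is in fact refused. Either keep `#PermitRootLogin no` in the shipped file, or change the compiled fallback in the same commit so that the comment and the behaviour agree.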
Shouldn't the comments note the default? The default here is still 'no'. Upstream 7.1p2 does use PERMIT_NO_PASSWD rather than PERMIT_NO that we have. I think we should make this change: > Index: crypto/openssh/servconf.c > =================================================================== > --- crypto/openssh/servconf.c (revision 294275) > +++ crypto/openssh/servconf.c (working copy) > @@ -202,7 +202,7 @@ > if (options->key_regeneration_time == -1) > options->key_regeneration_time = 3600; > if (options->permit_root_login == PERMIT_NOT_SET) > - options->permit_root_login = PERMIT_NO; > + options->permit_root_login = PERMIT_NO_PASSWD; > if (options->ignore_rhosts == -1) > options->ignore_rhosts = 1; > if (options->ignore_user_known_hosts == -1) -- Regards, Bryan Drewery
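Review bot: in the `PERMIT_NOT_SET` branch, replacing `PERMIT_NO` with `PERMIT_NO_PASSWD` changes the effective policy on every system that never set PermitRootLogin explicitly: after the upgrade, root can authenticate with a public key or another non-password method where it was previously refused outright. That is a loosening of the default and should not arrive silently. Suggest pairing the change with an entry in the upgrade notes and a matching update to the documented default, so that sites wanting the old behaviour know to add an explicit `PermitRootLogin no`.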
