path: root/security/openssh-portable/files/patch-sshd_config.5
author Marcus Alves Grando <mnag@FreeBSD.org> 2006-10-01 02:15:00 +0000
committer Marcus Alves Grando <mnag@FreeBSD.org> 2006-10-01 02:15:00 +0000
commit 5ef0f821ecc6c892cb7a8ca232a24b7c0e3e5aab (patch)
tree 6ff9cc19519ac6305e49ca7c114a0760410a7ae5 /security/openssh-portable/files/patch-sshd_config.5
parent - New ports: games/ufoai games/ufoai-data (diff)
- Update to 4.4p1.
- Disable temporary HPN patch until HPN releases a new version.
- Fix rc.d script path in sshd.8
- Add FreeBSD-${PKGNAME} in SSH_VERSION and SSH_RELEASE like src does.
- Sync patches with src.

Security: CVE-2006-4924, CVE-2006-5051
Notes: svn path=/head/; revision=174213
Diffstat (limited to 'security/openssh-portable/files/patch-sshd_config.5')
-rw-r--r-- security/openssh-portable/files/patch-sshd_config.5 90
1 files changed, 90 insertions, 0 deletions
diff --git a/security/openssh-portable/files/patch-sshd_config.5 b/security/openssh-portable/files/patch-sshd_config.5
new file mode 100644
index 000000000000..6ccd1c7f2d53
--- /dev/null
+++ b/security/openssh-portable/files/patch-sshd_config.5
@@ -0,0 +1,90 @@
+--- sshd_config.5.orig Tue Aug 29 22:06:34 2006
++++ sshd_config.5 Sat Sep 30 10:39:07 2006
+@@ -169,9 +170,16 @@
+ By default, no banner is displayed.
+ .It Cm ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed.
+-All authentication styles from
+-.Xr login.conf 5
+-are supported.
++Specifically, in
++.Fx ,
++this controls the use of PAM (see
++.Xr pam 3 )
++for authentication.
++Note that this affects the effectiveness of the
++.Cm PasswordAuthentication
++and
++.Cm PermitRootLogin
++variables.
+ The default is
+ .Dq yes .
+ .It Cm Ciphers
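Review bot: The added sentence "Note that this affects the effectiveness of the PasswordAuthentication and PermitRootLogin variables" does not say in which direction, so someone reading only the ChallengeResponseAuthentication entry cannot tell that leaving it at the documented default of "yes" can let password logins through. The later hunks spell this out under each option; it should be stated here too, for example that with this set to "yes" PAM may accept a password regardless of those two settings. The surrounding page text calls these "options" (see "If this option is set to" further down), so "variables" should follow that wording. Separately, the header "-169,9 +170,16" already carries a one-line offset although this is the first hunk in the file, which suggests an earlier hunk was dropped during the sync; regenerating the patch would keep it applying cleanly.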
+@@ -554,7 +560,22 @@
+ .It Cm PasswordAuthentication
+ Specifies whether password authentication is allowed.
+ The default is
++.Dq no ,
++unless
++.Nm sshd
++was built without PAM support, in which case the default is
+ .Dq yes .
++Note that if
++.Cm ChallengeResponseAuthentication
++is
++.Dq yes ,
++and the PAM authentication policy for
++.Nm sshd
++includes
++.Xr pam_unix 8 ,
++password authentication will be allowed through the challenge-response
++mechanism regardless of the value of
++.Cm PasswordAuthentication .
+ .It Cm PermitEmptyPasswords
+ When password authentication is allowed, it specifies whether the
+ server allows login to accounts with empty password strings.
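Review bot: The new default text for PasswordAuthentication ("no, unless sshd was built without PAM support") documents a build-dependent default, but this file only patches the manual page. Please confirm that the same commit changes the compiled-in default, otherwise the page and the daemon will disagree on whether passwords are accepted. The pam_unix caveat would also be more useful if it ended with the remedy it implies: to actually refuse passwords, ChallengeResponseAuthentication has to be set to "no" as well, or pam_unix has to be absent from the PAM policy for sshd.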
+@@ -597,7 +618,14 @@
+ or
+ .Dq no .
+ The default is
+-.Dq yes .
++.Dq no .
++Note that if
++.Cm ChallengeResponseAuthentication
++is
++.Dq yes ,
++the root user may be allowed in with its password even if
++.Cm PermitRootLogin is set to
++.Dq without-password .
+ .Pp
+ If this option is set to
+ .Dq without-password ,
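Review bot: In the added line ".Cm PermitRootLogin is set to", the words "is set to" are arguments of the .Cm macro and will be rendered in the keyword font together with the option name. Split it the way the other hunks do: ".Cm PermitRootLogin" on its own line, followed by "is set to" as a plain text line. The same paragraph says root "may be allowed in", which leaves the condition open; the PasswordAuthentication hunk names pam_unix in the PAM policy as the condition, and the same wording would fit here.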
+@@ -704,7 +732,9 @@
+ .Dq yes .
+ Note that this option applies to protocol version 2 only.
+ .It Cm RhostsRSAAuthentication
+-Specifies whether rhosts or /etc/hosts.equiv authentication together
++Specifies whether rhosts or
++.Pa /etc/hosts.equiv
++authentication together
+ with successful RSA host authentication is allowed.
+ The default is
+ .Dq no .
+@@ -814,7 +844,7 @@
+ .Xr sshd 8
+ as a non-root user.
+ The default is
+-.Dq no .
++.Dq yes .
+ .It Cm UsePrivilegeSeparation
+ Specifies whether
+ .Xr sshd 8
+@@ -839,7 +874,7 @@
+ or
+ .Dq no .
+ The default is
+-.Dq no .
++.Dq yes .
+ .Pp
+ When X11 forwarding is enabled, there may be additional exposure to
+ the server and to client displays if the
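Review bot: The documented X11 forwarding default flips from "no" to "yes" in this hunk, while the context lines that immediately follow warn that with X11 forwarding enabled "there may be additional exposure to the server and to client displays". If the port really ships with forwarding on, the page should say that this default differs from the unpatched page and why; otherwise the default should stay at "no". A silent move to a less restrictive default is easy to miss in a commit whose message is about a security update.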