On Thu, 12 May 2022 at 11:19, Ed Maste <emaste@xxxxxxxxxxx> wrote: > > I updated sshd_config in the FreeBSD base system to pick up the > without-password -> prohibit-password option rename (in the UsePAM > description): This fix from FreeBSD is still outstanding: > --- a/crypto/openssh/sshd_config > +++ b/crypto/openssh/sshd_config > @@ -78,7 +78,7 @@ AuthorizedKeysFile .ssh/authorized_keys > # be allowed through the KbdInteractiveAuthentication and > # PasswordAuthentication. Depending on your PAM configuration, > # PAM authentication via KbdInteractiveAuthentication may bypass > -# the setting of "PermitRootLogin without-password". > +# the setting of "PermitRootLogin prohibit-password". > # If you just want the PAM account and session checks to run without > # PAM authentication, then enable this but set PasswordAuthentication > # and KbdInteractiveAuthentication to 'no'. "without-password" is the deprecated alias for "prohibit-password", so we should reference the latter. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
