Date: Mon, 1 Feb 2016 12:29:42 -0800 From: Bryan Drewery <bdrewery@FreeBSD.org> To: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r294464 - in head: crypto/openssh crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/regress crypto/openssh/regress/unittests crypto/... Message-ID: <56AFC036.6080508@FreeBSD.org> In-Reply-To: <201601202257.u0KMvA89056089@repo.freebsd.org> References: <201601202257.u0KMvA89056089@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --G03gruP8aV9OtCrwFcegJ2x7u81GokLpO Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 1/20/2016 2:57 PM, Dag-Erling Sm=C3=B8rgrav wrote: > Author: des > Date: Wed Jan 20 22:57:10 2016 > New Revision: 294464 > URL: https://svnweb.freebsd.org/changeset/base/294464 >=20 > Log: > Upgrade to OpenSSH 7.0p1. =2E.. > Index: crypto/openssh/sshd_config > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- crypto/openssh/sshd_config (revision 294463) > +++ crypto/openssh/sshd_config (revision 294464) > @@ -1,4 +1,4 @@ > -# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $ > +# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ > # $FreeBSD$ >=20 > # This is the sshd server system-wide configuration file. See > @@ -45,7 +45,7 @@ > # Authentication: >=20 > #LoginGraceTime 2m > -#PermitRootLogin no > +#PermitRootLogin prohibit-password > #StrictModes yes > #MaxAuthTries 6 > #MaxSessions 10 Shouldn't the comments note the default? The default here is still 'no'. Upstream 7.1p2 does use PERMIT_NO_PASSWD rather than PERMIT_NO that we have. I think we should make this change: > Index: crypto/openssh/servconf.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- crypto/openssh/servconf.c (revision 294275) > +++ crypto/openssh/servconf.c (working copy) > @@ -202,7 +202,7 @@ > if (options->key_regeneration_time =3D=3D -1) > options->key_regeneration_time =3D 3600; > if (options->permit_root_login =3D=3D PERMIT_NOT_SET) > - options->permit_root_login =3D PERMIT_NO; > + options->permit_root_login =3D PERMIT_NO_PASSWD; > if (options->ignore_rhosts =3D=3D -1) > options->ignore_rhosts =3D 1; > if (options->ignore_user_known_hosts =3D=3D -1) --=20 Regards, Bryan Drewery --G03gruP8aV9OtCrwFcegJ2x7u81GokLpO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJWr8BBAAoJEDXXcbtuRpfPJUEH/jCp2P0zdoqXT8R9lySoMJx1 Lfa8+v4U2ZuPiclEitHxZj0C0mugx0p6I5PC60vd7XX4//WNqNNANTxc6gIey/7I aQqlxI3/7AzNpi3Q6zlEemAOV9GWxQxbWwlArZVUJAkWj5GoMRx7ZRmch6ebosO3 4iSE8zZwVCIFq53V6J6MLEfyRLF0I17OkffyF85VbUiLS61TeAN6PWk04CQz9Xdl QyV5YVNpL6cvpPyYG/Vv9nl321YYv7nrYeRLnFnCH1jRtW7bgQGJuViSDYQk+Q7Y qTFQWlSZ9ngjlMdl2gYUQAnT4mAySfE11JNOeSC1gys6JLbPhTp4N+yXzKgzOtE= =fcFM -----END PGP SIGNATURE----- --G03gruP8aV9OtCrwFcegJ2x7u81GokLpO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56AFC036.6080508>