Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Jul 2017 18:27:30 +0000 (UTC)
From:      Glen Barber <gjb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r321659 - head/release/tools
Message-ID:  <201707281827.v6SIRUmc005785@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: gjb
Date: Fri Jul 28 18:27:30 2017
New Revision: 321659
URL: https://svnweb.freebsd.org/changeset/base/321659

Log:
  Turn off ChallengeResponseAuthentication for EC2 AMIs, one of EC2's
  requirements.
  
  MFC after:	3 days
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/release/tools/ec2.conf

Modified: head/release/tools/ec2.conf
==============================================================================
--- head/release/tools/ec2.conf	Fri Jul 28 18:11:53 2017	(r321658)
+++ head/release/tools/ec2.conf	Fri Jul 28 18:27:30 2017	(r321659)
@@ -81,6 +81,12 @@ vm_extra_pre_umount() {
 	# Load the kernel module for the Amazon "Elastic Network Adapter"
 	echo 'if_ena_load="YES"' >> ${DESTDIR}/boot/loader.conf
 
+	# Disable ChallengeResponseAuthentication according to EC2
+	# requirements.
+	sed -i '' -e \
+		's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' \
+		${DESTDIR}/etc/ssh/sshd_config
+
 	# The first time the AMI boots, the installed "first boot" scripts
 	# should be allowed to run:
 	# * ec2_configinit (download and process EC2 user-data)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201707281827.v6SIRUmc005785>