bin/60172: sshd_config(5) man page vs. config file discrepancy with UsePAM and authentication

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/60172: sshd_config(5) man page vs. config file discrepancy with UsePAM and authentication
From: "david%gutteridge.ca@localhost via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Thu, 2 Apr 2026 20:05:00 +0000 (UTC)

>Number:         60172
>Category:       bin
>Synopsis:       sshd_config(5) man page vs. config file discrepancy with UsePAM and authentication
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 02 20:05:00 +0000 2026
>Originator:     David H. Gutteridge
>Release:        HEAD
>Organization:
TNF
>Environment:
NetBSD arcusxx.nonus-porta.net 11.99.5 NetBSD 11.99.5 (GENERIC) #0: Wed Mar 11 05:11:56 UTC 2026  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
The UsePAM documentation in sshd_config(5) states:

"Because PAM keyboard-interactive authentication usually serves an
equivalent role to password authentication, you should disable
either PasswordAuthentication or KbdInteractiveAuthentication."

However, the default sshd_config file that ships with NetBSD has
UsePAM=yes set (as an override), and both PasswordAuthentication and
KbdInteractiveAuthentication are enabled (by default).

These would seem to contradict each other. Either more detail is needed
in the man page, or the default configuration should probably be
adjusted. (Uncertain if this is a doc bug or a config bug, I'm filing
under the former.)
>How-To-Repeat:

>Fix:

Prev by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: PR/57242 CVS commit: [netbsd-11] src/external/bsd/unbound/include
Indexes:

Home | Main Index | Thread Index | Old Index