NetBSD-Bugs archive
Re: PR/58412 CVS commit: src/crypto/external/bsd/openssh/dist
The following reply was made to PR bin/58412; it has been noted by GNATS.
From: RVP <rvp%SDF.ORG@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: christos%netbsd.org@localhost
Subject: Re: PR/58412 CVS commit: src/crypto/external/bsd/openssh/dist
Date: Sun, 14 Jul 2024 22:11:51 +0000 (UTC)
On Sat, 13 Jul 2024, Christos Zoulas wrote:
> Unfortunately, there is nothing there either :-(
>
Odd. It's there in the portable version's man-page:
```
--- ssh/sshd_config.5 2024-06-24 06:59:39.000000000 +0000
+++ openssh-9.8p1/sshd_config.5 2024-07-01 04:36:28.000000000 +0000
@@ -205,10 +205,9 @@
For keyboard interactive authentication it is also possible to
restrict authentication to a specific device by appending a
colon followed by the device identifier
-.Cm bsdauth ,
-.Cm pam ,
+.Cm bsdauth
or
-.Cm skey ,
+.Cm pam .
depending on the server configuration.
For example,
.Qq keyboard-interactive:bsdauth
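Review bot: the added line `.Cm pam .` ends with a period, but the unchanged line after it, "depending on the server configuration.", continues the same sentence, so the rendered text reads "bsdauth or pam. depending on the server configuration." Drop the trailing period (`.Cm pam`) or keep a comma there, as the removed `.Cm skey ,` line had.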
@@ -1308,6 +1307,7 @@
.Cm LogLevel ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
+.Cm PAMServiceName ,
.Cm PasswordAuthentication ,
.Cm PermitEmptyPasswords ,
.Cm PermitListen ,
@@ -1374,10 +1374,17 @@
key exchange methods.
The default is
.Pa /etc/moduli .
+.It Cm PAMServiceName
+Specifies the service name used for Pluggable Authentication Modules (PAM)
+authentication, authorisation and session controls when
+.Cm UsePAM
+is enabled.
+The default is
+.Cm sshd .
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
-.Cm yes .
+.Cm sshd .
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
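Review bot: under `.It Cm PasswordAuthentication` the default changes from `.Cm yes .` to `.Cm sshd .`, which is the value this same hunk gives as the default for PAMServiceName and is not a meaningful answer to "whether password authentication is allowed". This looks like a misplaced line; the PasswordAuthentication default should remain `.Cm yes .` unless the change is deliberate and explained.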
@@ -1982,6 +1989,30 @@
.Cm Match
.Cm Host
directives.
+.It Cm UsePAM
+Enables the Pluggable Authentication Module interface.
+If set to
+.Cm yes
+this will enable PAM authentication using
+.Cm KbdInteractiveAuthentication
+and
+.Cm PasswordAuthentication
+in addition to PAM account and session module processing for all
+authentication types.
+.Pp
+Because PAM keyboard-interactive authentication usually serves an equivalent
+role to password authentication, you should disable either
+.Cm PasswordAuthentication
+or
+.Cm KbdInteractiveAuthentication .
+.Pp
+If
+.Cm UsePAM
+is enabled, you will not be able to run
+.Xr sshd 8
+as a non-root user.
+The default is
+.Cm no .
.It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
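Review bot: in the new UsePAM entry, "The default is `no`." follows directly after the paragraph about not being able to run sshd(8) as a non-root user, so it reads as part of that caveat rather than as the option's default. Put a `.Pp` before "The default is", or move the default up next to the first paragraph. The entry could also mention PAMServiceName, which the previous hunk documents as taking effect only when UsePAM is enabled.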
```
-RVP