summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh
diff options
context:
space:
mode:
authorJan Luebbe <jlu@pengutronix.de>2022-08-18 13:17:02 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2022-08-21 22:51:41 +0100
commit426e265b4094d2a5dd5e2b42888e84aeb2d41087 (patch)
tree4873d9cd115eabeb62b47585be4941d0c6fc1b40 /meta/recipes-connectivity/openssh
parent7ab2366d1608a5311e26295613759b04254090aa (diff)
downloadpoky-426e265b4094d2a5dd5e2b42888e84aeb2d41087.tar.gz
openssh: sync local ssh_config + sshd_config files with upstream 8.7p1
Changes are caused by the removal of deprecated options. ChallengeResponseAuthentication was replaced by KbdInteractiveAuthentication in the SSHv2 protocol, see https://www.openssh.com/txt/release-8.7 (From OE-Core rev: 3a66dd6e05a65446a43cba2bf6972e78b2b13c31) Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/ssh_config4
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd_config15
2 files changed, 9 insertions, 10 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
index e0d023803e..05eecb465f 100644
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
1# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ 1# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $
2 2
3# This is the ssh client system-wide configuration file. See 3# This is the ssh client system-wide configuration file. See
4# ssh_config(5) for more information. This file provides defaults for 4# ssh_config(5) for more information. This file provides defaults for
@@ -36,7 +36,6 @@ Host *
36# IdentityFile ~/.ssh/id_ecdsa 36# IdentityFile ~/.ssh/id_ecdsa
37# IdentityFile ~/.ssh/id_ed25519 37# IdentityFile ~/.ssh/id_ed25519
38# Port 22 38# Port 22
39# Protocol 2
40# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc 39# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
41# MACs hmac-md5,hmac-sha1,umac-64@openssh.com 40# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
42# EscapeChar ~ 41# EscapeChar ~
@@ -46,3 +45,4 @@ Host *
46# VisualHostKey no 45# VisualHostKey no
47# ProxyCommand ssh -q -W %h:%p gateway.example.com 46# ProxyCommand ssh -q -W %h:%p gateway.example.com
48# RekeyLimit 1G 1h 47# RekeyLimit 1G 1h
48# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index 15f061b570..9c53805890 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -1,4 +1,4 @@
1# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ 1# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
2 2
3# This is the sshd server system-wide configuration file. See 3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information. 4# sshd_config(5) for more information.
@@ -57,9 +57,9 @@ AuthorizedKeysFile .ssh/authorized_keys
57#PasswordAuthentication yes 57#PasswordAuthentication yes
58#PermitEmptyPasswords no 58#PermitEmptyPasswords no
59 59
60# Change to yes to enable challenge-response passwords (beware issues with 60# Change to yes to enable keyboard-interactive authentication (beware issues
61# some PAM modules and threads) 61# with some PAM modules and threads)
62ChallengeResponseAuthentication no 62KbdInteractiveAuthentication no
63 63
64# Kerberos options 64# Kerberos options
65#KerberosAuthentication no 65#KerberosAuthentication no
@@ -73,13 +73,13 @@ ChallengeResponseAuthentication no
73 73
74# Set this to 'yes' to enable PAM authentication, account processing, 74# Set this to 'yes' to enable PAM authentication, account processing,
75# and session processing. If this is enabled, PAM authentication will 75# and session processing. If this is enabled, PAM authentication will
76# be allowed through the ChallengeResponseAuthentication and 76# be allowed through the KbdInteractiveAuthentication and
77# PasswordAuthentication. Depending on your PAM configuration, 77# PasswordAuthentication. Depending on your PAM configuration,
78# PAM authentication via ChallengeResponseAuthentication may bypass 78# PAM authentication via KbdInteractiveAuthentication may bypass
79# the setting of "PermitRootLogin without-password". 79# the setting of "PermitRootLogin without-password".
80# If you just want the PAM account and session checks to run without 80# If you just want the PAM account and session checks to run without
81# PAM authentication, then enable this but set PasswordAuthentication 81# PAM authentication, then enable this but set PasswordAuthentication
82# and ChallengeResponseAuthentication to 'no'. 82# and KbdInteractiveAuthentication to 'no'.
83#UsePAM no 83#UsePAM no
84 84
85#AllowAgentForwarding yes 85#AllowAgentForwarding yes
@@ -92,7 +92,6 @@ ChallengeResponseAuthentication no
92#PrintMotd yes 92#PrintMotd yes
93#PrintLastLog yes 93#PrintLastLog yes
94#TCPKeepAlive yes 94#TCPKeepAlive yes
95#UseLogin no
96#PermitUserEnvironment no 95#PermitUserEnvironment no
97Compression no 96Compression no
98ClientAliveInterval 15 97ClientAliveInterval 15