From 426e265b4094d2a5dd5e2b42888e84aeb2d41087 Mon Sep 17 00:00:00 2001 From: Jan Luebbe Date: Thu, 18 Aug 2022 13:17:02 +0200 Subject: openssh: sync local ssh_config + sshd_config files with upstream 8.7p1 Changes are caused by the removal of deprecated options. ChallengeResponseAuthentication was replaced by KbdInteractiveAuthentication in the SSHv2 protocol, see https://www.openssh.com/txt/release-8.7 (From OE-Core rev: 3a66dd6e05a65446a43cba2bf6972e78b2b13c31) Signed-off-by: Jan Luebbe Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie --- meta/recipes-connectivity/openssh/openssh/ssh_config | 4 ++-- meta/recipes-connectivity/openssh/openssh/sshd_config | 15 +++++++-------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config index e0d023803e..05eecb465f 100644 --- a/meta/recipes-connectivity/openssh/openssh/ssh_config +++ b/meta/recipes-connectivity/openssh/openssh/ssh_config @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $ +# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -36,7 +36,6 @@ Host * # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 -# Protocol 2 # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ @@ -46,3 +45,4 @@ Host * # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h +# UserKnownHostsFile ~/.ssh/known_hosts.d/%k diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config index 15f061b570..9c53805890 100644 --- a/meta/recipes-connectivity/openssh/openssh/sshd_config +++ b/meta/recipes-connectivity/openssh/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -57,9 +57,9 @@ AuthorizedKeysFile .ssh/authorized_keys #PasswordAuthentication yes #PermitEmptyPasswords no -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no +# Change to yes to enable keyboard-interactive authentication (beware issues +# with some PAM modules and threads) +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no @@ -73,13 +73,13 @@ ChallengeResponseAuthentication no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and +# be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass +# PAM authentication via KbdInteractiveAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. +# and KbdInteractiveAuthentication to 'no'. #UsePAM no #AllowAgentForwarding yes @@ -92,7 +92,6 @@ ChallengeResponseAuthentication no #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes -#UseLogin no #PermitUserEnvironment no Compression no ClientAliveInterval 15 -- cgit v1.2.3-54-g00ecf