Page MenuHomeFreeBSD
Differential D34400

release: Remove references to ChallengeResponseAuthentication
ClosedPublic
Actions

Authored by markj on Feb 28 2022, 10:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Nov 24, 5:20 PM
Unknown Object (File)
Nov 22 2024, 1:30 PM
Unknown Object (File)
Nov 21 2024, 7:12 AM
Unknown Object (File)
Nov 17 2024, 5:20 PM
Unknown Object (File)
Nov 12 2024, 12:04 AM
Unknown Object (File)
Nov 11 2024, 10:08 PM
Unknown Object (File)
Nov 11 2024, 6:09 PM
Unknown Object (File)
Oct 19 2024, 7:20 PM
View All 57 Files
Subscribers
imp

Details

Reviewers
emaste
cperciva
Group Reviewers
releng
Commits
rGc1b656ac55ec: release: Remove references to ChallengeResponseAuthentication
Summary

This was replaced by KbdInteractiveAuthentication in openssh 8.7, though
ChallengeResponseAuthentication is silently accepted as an alias.
However, this means that the code in ec2.conf which modifies a
commented-out line no longer does anything. Apply a minimal fix.

It may instead be preferable to unconditionally append
"KbdInteractiveAuthentication no" to /etc/ssh/sshd_config instead? I'm
not sure why gce.conf and ec2.conf differ in this way.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Feb 28 2022, 10:34 PM
Herald added a subscriber: imp. · View Herald TranscriptFeb 28 2022, 10:34 PM
markj requested review of this revision.Feb 28 2022, 10:34 PM
Harbormaster completed remote builds in B44605: Diff 103307.Feb 28 2022, 10:34 PM
cperciva accepted this revision.Feb 28 2022, 11:09 PM

Thanks for catching this!

I don't know why GCE does things differently from EC2 aside from the obvious "code was written by different people who didn't look at each other's work".

This revision is now accepted and ready to land.Feb 28 2022, 11:09 PM
emaste accepted this revision.Feb 28 2022, 11:52 PM

Might be worth adding a note to crypto/openssh/FREEBSD-upgrade as well

markj added a comment.Mar 1 2022, 1:36 PM
In D34400#779158, @emaste wrote:

Might be worth adding a note to crypto/openssh/FREEBSD-upgrade as well

Perhaps it should go in RELNOTES? There is no entry there for the OpenSSH update. FREEBSD-upgrade doesn't seem to document these sorts of things.

emaste added a comment.Mar 1 2022, 2:23 PM
In D34400#779240, @markj wrote:

Perhaps it should go in RELNOTES? There is no entry there for the OpenSSH update. FREEBSD-upgrade doesn't seem to document these sorts of things.

I mean a note to someone who updates OpenSSH in the future to check for new/changed options and update these files. Similar to item 12 "Update nanobsd's copies of the ssh config files"

Closed by commit rGc1b656ac55ec: release: Remove references to ChallengeResponseAuthentication (authored by markj). · Explain WhyMar 1 2022, 2:40 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGc1b656ac55ec: release: Remove references to ChallengeResponseAuthentication.

Revision Contents
Changeset List

PathSize
release/
tools/
5 lines
2 lines

Diff 103324

View Options

release/tools/ec2.conf

Loading...
View Options

release/tools/gce.conf

Loading...