Page MenuHomeFreeBSD

release: Remove references to ChallengeResponseAuthentication
ClosedPublic

Authored by markj on Feb 28 2022, 10:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sep 12 2025, 12:01 PM
Unknown Object (File)
Jul 18 2025, 11:37 AM
Unknown Object (File)
Jul 13 2025, 3:41 AM
Unknown Object (File)
Jul 12 2025, 1:14 PM
Unknown Object (File)
Jul 7 2025, 10:03 AM
Unknown Object (File)
Jun 28 2025, 5:24 AM
Unknown Object (File)
Jun 19 2025, 5:55 AM
Unknown Object (File)
Jun 18 2025, 6:11 AM
Subscribers

Details

Summary

This was replaced by KbdInteractiveAuthentication in openssh 8.7, though
ChallengeResponseAuthentication is silently accepted as an alias.
However, this means that the code in ec2.conf which modifies a
commented-out line no longer does anything. Apply a minimal fix.

It may instead be preferable to unconditionally append
"KbdInteractiveAuthentication no" to /etc/ssh/sshd_config instead? I'm
not sure why gce.conf and ec2.conf differ in this way.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Thanks for catching this!

I don't know why GCE does things differently from EC2 aside from the obvious "code was written by different people who didn't look at each other's work".

This revision is now accepted and ready to land.Feb 28 2022, 11:09 PM

Might be worth adding a note to crypto/openssh/FREEBSD-upgrade as well

Might be worth adding a note to crypto/openssh/FREEBSD-upgrade as well

Perhaps it should go in RELNOTES? There is no entry there for the OpenSSH update. FREEBSD-upgrade doesn't seem to document these sorts of things.

Perhaps it should go in RELNOTES? There is no entry there for the OpenSSH update. FREEBSD-upgrade doesn't seem to document these sorts of things.

I mean a note to someone who updates OpenSSH in the future to check for new/changed options and update these files. Similar to item 12 "Update nanobsd's copies of the ssh config files"