aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssh/sshd_config
diff options
context:
space:
mode:
authorEd Maste <emaste@FreeBSD.org>2022-05-25 13:32:57 +0000
committerEd Maste <emaste@FreeBSD.org>2022-06-08 20:20:46 +0000
commit9f009e066f088e2c31442db31d2a85001040abfe (patch)
tree1274928c197e8acbb5be0d66d2eeba436bc3707f /crypto/openssh/sshd_config
parent57317c8971df76bd6faeb7dfdc4379097d004caf (diff)
downloadsrc-9f009e066f088e2c31442db31d2a85001040abfe.tar.gz
src-9f009e066f088e2c31442db31d2a85001040abfe.zip
sshd_config: clarify password authentication options
Passwords may be accepted by both the PasswordAuthentication and KbdInteractiveAuthentication authentication schemes. Add a reference to the latter in the description/comment for PasswordAuthentication, as it otherwise may seem that "PasswordAuthentication no" implies passwords will be disallowed. This situation should be clarified with more extensive documentation on the authentication schemes and configuration options, but that should be done in coordination with upstream OpenSSH. This is a minimal change that will hopefully clarify the situation without requiring an extensive local patch set. PR: 263045 Reviewed by: manu (earlier version) MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35272
Diffstat (limited to 'crypto/openssh/sshd_config')
-rw-r--r--crypto/openssh/sshd_config1
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index 956a4bd7d7af..84250a46a6d6 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -57,6 +57,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#IgnoreRhosts yes
# Change to yes to enable built-in password authentication.
+# Note that passwords may also be accepted via KbdInteractiveAuthentication.
#PasswordAuthentication no
#PermitEmptyPasswords no