Upgrade to OpenSSH 4.6p1.
[dragonfly.git] / secure / usr.sbin / sshd / sshd_config.5.no_obj.patch
Commit Line Data
bf5db2e8 1$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.4 2007/03/29 00:49:01 pavalos Exp $
e81ad174
PA
2--- ../../../crypto/openssh-4/sshd_config.5 2006-08-29 18:06:34.000000000 -0700
3+++ sshd_config.5 2006-11-20 09:56:07.000000000 -0700
e979a2dd 4@@ -169,9 +169,16 @@
16feab21 5 By default, no banner is displayed.
16feab21 6 .It Cm ChallengeResponseAuthentication
e979a2dd 7 Specifies whether challenge-response authentication is allowed.
16feab21
SU
8-All authentication styles from
9-.Xr login.conf 5
10-are supported.
16feab21 11+Specifically, in
e979a2dd 12+.Dx ,
16feab21
SU
13+this controls the use of PAM (see
14+.Xr pam 3 )
15+for authentication.
16+Note that this affects the effectiveness of the
17+.Cm PasswordAuthentication
18+and
19+.Cm PermitRootLogin
20+variables.
21 The default is
22 .Dq yes .
23 .It Cm Ciphers
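Review bot: The added sentence at patch lines 16-20 says this option "affects the effectiveness of" PasswordAuthentication and PermitRootLogin without saying in which direction, so a reader of this entry alone cannot tell that leaving it at "yes" can let password logins through. State that here in one sentence, or point to the notes added under those two options. The entry also says the option controls the use of PAM but never mentions UsePAM, which the PasswordAuthentication note lists as a separate condition. Minor: "variables" is inconsistent with the rest of the page, which calls these options ("If this option is set to").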
e979a2dd 24@@ -358,8 +365,6 @@
16feab21
SU
25 The default is
26 .Pa /etc/ssh/ssh_host_key
27 for protocol version 1, and
28-.Pa /etc/ssh/ssh_host_rsa_key
29-and
30 .Pa /etc/ssh/ssh_host_dsa_key
31 for protocol version 2.
32 Note that
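Review bot: Dropping "/etc/ssh/ssh_host_rsa_key" at patch lines 28-29 leaves ssh_host_dsa_key as the only documented default host key for protocol version 2, and nothing in the patch or the commit message says why. Please confirm this matches the defaults the DragonFly sshd is actually built with, and record the reason; if the RSA key is still loaded by default, the manual is now wrong.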
e979a2dd 33@@ -384,7 +389,7 @@
16feab21
SU
34 .Pp
35 .Pa /etc/hosts.equiv
36 and
37-.Pa /etc/shosts.equiv
38+.Pa /etc/ssh/shosts.equiv
39 are still used.
40 The default is
41 .Dq yes .
e979a2dd 42@@ -555,6 +560,20 @@
16feab21
SU
43 Specifies whether password authentication is allowed.
44 The default is
45 .Dq yes .
46+Note that if
47+.Cm ChallengeResponseAuthentication
48+is
49+.Dq yes ,
50+.Cm UsePAM
51+is
52+.Dq yes ,
53+and the PAM authentication policy for
54+.Nm sshd
55+includes
56+.Xr pam_unix 8 ,
57+password authentication will be allowed through the challenge-response
58+mechanism regardless of the value of
59+.Cm PasswordAuthentication .
60 .It Cm PermitEmptyPasswords
61 When password authentication is allowed, it specifies whether the
62 server allows login to accounts with empty password strings.
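Review bot: The note at patch lines 46-59 tells the administrator that "PasswordAuthentication no" can be bypassed but not what to change to actually turn password logins off. Add a closing sentence naming the remedy, which follows from the three conditions listed: set ChallengeResponseAuthentication or UsePAM to "no", or remove pam_unix from the sshd PAM policy. This matters more because the first hunk leaves the ChallengeResponseAuthentication default at "yes".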
e979a2dd 63@@ -597,7 +616,14 @@
16feab21
SU
64 or
65 .Dq no .
66 The default is
67-.Dq yes .
68+.Dq no .
69+Note that if
70+.Cm ChallengeResponseAuthentication
71+is
72+.Dq yes ,
73+the root user may be allowed in with its password even if
74+.Cm PermitRootLogin is set to
75+.Dq without-password .
76 .Pp
77 If this option is set to
e979a2dd
SS
78 .Dq without-password ,
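Review bot: Patch line 74 puts running text on the macro line: ".Cm PermitRootLogin is set to" passes "is set to" to .Cm as further arguments, so those words render in the keyword style. Split it the way the other added notes do, with ".Cm PermitRootLogin" on one line and "is set to" on the next. Separately, this note names only ChallengeResponseAuthentication as the condition, while the matching note under PasswordAuthentication also requires UsePAM "yes" and pam_unix in the policy; the two notes should state the same conditions.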
79@@ -690,7 +716,7 @@
80 .Sq 2 .
16feab21
SU
81 Multiple versions must be comma-separated.
82 The default is
83-.Dq 2,1 .
84+.Dq 2 .
85 Note that the order of the protocol list does not indicate preference,
86 because the client selects among multiple protocol versions offered
87 by the server.
e979a2dd 88@@ -704,7 +730,9 @@
16feab21
SU
89 .Dq yes .
90 Note that this option applies to protocol version 2 only.
91 .It Cm RhostsRSAAuthentication
92-Specifies whether rhosts or /etc/hosts.equiv authentication together
93+Specifies whether rhosts or
94+.Pa /etc/hosts.equiv
95+authentication together
96 with successful RSA host authentication is allowed.
97 The default is
98 .Dq no .
e979a2dd 99@@ -826,6 +854,11 @@
16feab21
SU
100 escalation by containing any corruption within the unprivileged processes.
101 The default is
102 .Dq yes .
103+.It Cm VersionAddendum
104+Specifies a string to append to the regular version string to identify
105+OS- or site-specific modifications.
106+The default is
bf5db2e8 107+.Dq DragonFly-20070328 .
16feab21
SU
108 .It Cm X11DisplayOffset
109 Specifies the first display number available for
e979a2dd
SS
110 .Xr sshd 8 Ns 's
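Review bot: The default documented at patch line 107 is a literal date string, "DragonFly-20070328", so the manual goes stale whenever the value compiled into sshd changes. Say in the patch or the commit message where that value is defined so both are updated together on the next import. The entry also does not say how to suppress the addendum, which sites that prefer not to advertise the OS in the version string will look for here.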
111@@ -839,7 +872,7 @@
16feab21
SU
112 or
113 .Dq no .
114 The default is
115-.Dq no .
116+.Dq yes .
117 .Pp
118 When X11 forwarding is enabled, there may be additional exposure to
119 the server and to client displays if the
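Review bot: Patch line 116 flips the documented default from "no" to "yes" directly above the paragraph warning of "additional exposure to the server and to client displays" when X11 forwarding is enabled. If the looser default is intended, add a sentence saying it differs from the default in the imported OpenSSH manual, the same way the ChallengeResponseAuthentication hunk flags DragonFly-specific behaviour with .Dx, so administrators who want forwarding off know they must set it explicitly.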