sshd - Disable tunneled clear text passwords by default
authorMatthew Dillon <dillon@apollo.backplane.com>
Sat, 14 Oct 2017 21:18:39 +0000 (14:18 -0700)
committerMatthew Dillon <dillon@apollo.backplane.com>
Sat, 14 Oct 2017 21:18:39 +0000 (14:18 -0700)
* Reapply 1cb3a32c13b and c866a462b3.  sshd on DragonFlyBSD defaults
  to disabling cleartext passwords by default.

Reminded-by: ivadasz
crypto/openssh/readconf.c
crypto/openssh/sshd_config

index f63894f..a081991 100644 (file)
@@ -1933,7 +1933,7 @@ fill_default_options(Options * options)
        if (options->gss_deleg_creds == -1)
                options->gss_deleg_creds = 0;
        if (options->password_authentication == -1)
-               options->password_authentication = 1;
+               options->password_authentication = 0;
        if (options->kbd_interactive_authentication == -1)
                options->kbd_interactive_authentication = 1;
        if (options->hostbased_authentication == -1)
index 4eb2e02..a62f6b4 100644 (file)
@@ -55,7 +55,7 @@ AuthorizedKeysFile    .ssh/authorized_keys
 #IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
+PasswordAuthentication no
 #PermitEmptyPasswords no
 
 # Change to no to disable s/key passwords