From ad5056c75c7ccd8379444d5b953c08015846e23c Mon Sep 17 00:00:00 2001
From: Matthew Dillon <dillon@apollo.backplane.com>
Date: Sat, 14 Oct 2017 14:18:39 -0700
Subject: [PATCH] sshd - Disable tunneled clear text passwords by default

* Reapply 1cb3a32c13b and c866a462b3.  sshd on DragonFlyBSD defaults
  to disabling cleartext passwords by default.

Reminded-by: ivadasz
---
 crypto/openssh/readconf.c  | 2 +-
 crypto/openssh/sshd_config | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/openssh/readconf.c b/crypto/openssh/readconf.c
index f63894f9ca..a081991d20 100644
--- a/crypto/openssh/readconf.c
+++ b/crypto/openssh/readconf.c
@@ -1933,7 +1933,7 @@ fill_default_options(Options * options)
 	if (options->gss_deleg_creds == -1)
 		options->gss_deleg_creds = 0;
 	if (options->password_authentication == -1)
-		options->password_authentication = 1;
+		options->password_authentication = 0;
 	if (options->kbd_interactive_authentication == -1)
 		options->kbd_interactive_authentication = 1;
 	if (options->hostbased_authentication == -1)
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index 4eb2e02e04..a62f6b4c6e 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -55,7 +55,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #IgnoreRhosts yes
 
 # To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
+PasswordAuthentication no
 #PermitEmptyPasswords no
 
 # Change to no to disable s/key passwords
-- 
2.41.0