diff options
Diffstat (limited to 'crypto/openssh')
| -rw-r--r-- | crypto/openssh/servconf.c | 4 | ||||
| -rw-r--r-- | crypto/openssh/sshd_config | 4 | ||||
| -rw-r--r-- | crypto/openssh/sshd_config.5 | 4 |
3 files changed, 10 insertions, 2 deletions
diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c index 781c2c2..c7c1c35 100644 --- a/crypto/openssh/servconf.c +++ b/crypto/openssh/servconf.c @@ -185,7 +185,11 @@ fill_default_server_options(ServerOptions *options) if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; if (options->password_authentication == -1) +#ifdef USE_PAM + options->password_authentication = 0; +#else options->password_authentication = 1; +#endif if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 0; if (options->challenge_response_authentication == -1) diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 4e3ec31..7dedb84 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config @@ -55,8 +55,8 @@ # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes +# Change to yes to enable built-in password authentication. +#PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable PAM authentication diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index dc221e7..cf14589 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -436,6 +436,10 @@ are refused if the number of unauthenticated connections reaches .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is +.Dq no , +unless +.Nm sshd +was built without PAM support, in which case the default is .Dq yes . Note that if .Cm ChallengeResponseAuthentication |
