diff options
| author | jim-p <jimp@pfsense.org> | 2016-11-25 15:08:29 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2016-11-25 15:17:25 -0500 |
| commit | ec64b0a8a655b6807fdcd627abec7172f303e1e7 (patch) | |
| tree | 2e56897e618547c9f7359424d2c368fd89d95acf /src/etc/sshd | |
| parent | 6be782ed7c69b068e35d3d1bf747aae1566037a4 (diff) | |
| download | pfsense-ec64b0a8a655b6807fdcd627abec7172f303e1e7.zip pfsense-ec64b0a8a655b6807fdcd627abec7172f303e1e7.tar.gz | |
Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963
Diffstat (limited to 'src/etc/sshd')
| -rwxr-xr-x | src/etc/sshd | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/etc/sshd b/src/etc/sshd index 80f922c..565554a 100755 --- a/src/etc/sshd +++ b/src/etc/sshd @@ -139,6 +139,7 @@ if (isset($config['system']['ssh']['sshdkeyonly'])) { $sshconf .= "ChallengeResponseAuthentication no\n"; $sshconf .= "PasswordAuthentication no\n"; $sshconf .= "PubkeyAuthentication yes\n"; + $sshconf .= "UsePAM no\n"; } else { $sshconf .= "# Login via Key and Password\n"; $sshconf .= "ChallengeResponseAuthentication yes\n"; @@ -146,7 +147,6 @@ if (isset($config['system']['ssh']['sshdkeyonly'])) { $sshconf .= "PubkeyAuthentication yes\n"; } $sshconf .= "UseDNS no\n"; -$sshconf .= "UsePAM no\n"; $sshconf .= "LoginGraceTime 30s\n"; /* Hide FreeBSD version */ $sshconf .= "VersionAddendum none\n"; |
