ssh: Reduce sshd_config diffs against OpenSSH 10.0p2

Upstream had a poor description for KbdInteractiveAuthentication prior
to the 10.0p2 release.  We use KbdInteractiveAuthentication for PAM
authentication, and we replaced the poor description with a note about
use by PAM.

In 10.0p2 the upstream description has been fixed.  Incorporate that
text now as it is an improvement and avoids a conflict in the upcoming
10.0p2 import.

Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste
2025-07-29 13:20:15 -04:00
parent 7b68893ffa
commit 8be24d80ad
+5 -2
View File
@@ -56,12 +56,15 @@ AuthorizedKeysFile .ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# Change to yes to enable built-in password authentication.
# Change to "yes" to enable built-in password authentication.
# Note that passwords may also be accepted via KbdInteractiveAuthentication.
#PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable PAM authentication
# Change to "no" to disable keyboard-interactive authentication. Depending on
# the system's configuration, this may involve passwords, challenge-response,
# one-time passwords or some combination of these and other methods.
# Keyboard interactive authentication is also used for PAM authentication.
#KbdInteractiveAuthentication yes
# Kerberos options