git: sshd - Add safety measures to the default installed sshd_config

Matthew Dillon dillon at
Wed Feb 3 11:06:57 PST 2010

commit a2fe50b040a514cfa4e6937a87093be6ca0c8693
Author: Matthew Dillon <dillon at>
Date:   Wed Feb 3 10:24:36 2010 -0800

    sshd - Add safety measures to the default installed sshd_config
    * Uncomment various sshd_config options to enforce their defaults.
      This does not make any changes to the current defaults but ensures that
      the configuration state for these particular options will not change
      if the default happens to be changed in the distributed codebase.
      RhostsRSAAuthentication no
      HostbasedAuthentication no
      IgnoreRhosts yes
    * Change the ChallengeResponseAuthentication default from 'yes' to 'no'.
      This only applies to PAM and PAM is disabled by default so this change
      has no effect unless PAM is enabled by default at some future time.
    * For now leave UsePAM commented out, do not enforce its default 'no' state.
      The changes above will make it safe if the codebase default changes in
      the future.  The codebase default is currently 'no'.
    * Note that we previously also changed the PasswordAuthentication default
      to 'no', so everything is on the same page now.
    Suggested-by: Doug Barton <dougb at> (generally)

Summary of changes:
 crypto/openssh/sshd_config |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

DragonFly BSD source repository

More information about the Commits mailing list