1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-13 10:02:38 +00:00
freebsd/release/tools
Colin Percival 4ba35bc4db Resurrect r321659: Turn off ChallengeResponseAuthentication for EC2 AMIs.
EC2 instances are normally launched with an SSH public key specified,
which is then used for logging in (by default, as 'ec2-user').  Having
ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config
does) has no functional effect in a new EC2 instance, since you can't log
in using a password until a password has been set -- but having this
enabled results in alerts from automated scanning tools which can detect
that sshd advertises support for keyboard-interactive logins (since they
can't detect that accounts have no password set).

EC2 users who want to use passwords to log in to their instances will need
to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later.

Discussed with:	gjb, gtetlow, emaste, des
Requested by:	Amazon
X-MFC:		No
Relnotes:	ChallengeResponseAuthentication is turned off by default in
		Amazon EC2 AMIs.
2017-12-05 09:08:48 +00:00
..
arm.subr Revert r323812 from release/tools/arm.subr, which has broken the 2017-09-22 14:34:27 +00:00
azure.conf
ec2.conf Resurrect r321659: Turn off ChallengeResponseAuthentication for EC2 AMIs. 2017-12-05 09:08:48 +00:00
gce.conf Remove /etc/resolv.conf from virtual machine images, which is 2017-11-21 18:02:18 +00:00
openstack.conf - Resize FreeBSD to the size of the OpenStack flavor (growfs). 2016-12-14 03:01:15 +00:00
vagrant-virtualbox.conf Remove /etc/resolv.conf from virtual machine images, which is 2017-11-21 18:02:18 +00:00
vagrant-vmware.conf Remove /etc/resolv.conf from virtual machine images, which is 2017-11-21 18:02:18 +00:00
vagrant.conf
vmimage.subr Fix an indentation nit. 2017-11-30 20:52:01 +00:00