History log of /openbsd/usr.bin/ssh/sshd_config (Results 1 – 25 of 104)
Revision Date Author Comments
# bdfa5c1b 02-Jul-2021 dtucker <dtucker@openbsd.org>

Remove references to ChallengeResponseAuthentication in favour of
KbdInteractiveAuthentication. The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat
but not entirely equivalent. We retain the old name as deprecated alias
so config files continue to work and a reference in the man page for
people looking for it.

Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match. Man page help & ok jmc@, with & ok djm@


# e1fddbef 09-Apr-2018 tj <tj@openbsd.org>

the UseLogin option was removed, so remove it here too.

ok dtucker


# 732e635f 16-Feb-2018 djm <djm@openbsd.org>

stop loading DSA keys by default, remove sshd_config stanza and manpage
bits; from Colin Watson via bz#2662, ok dtucker@


# 1ed792c4 14-Mar-2017 djm <djm@openbsd.org>

Mark the sshd_config UsePrivilegeSeparation option as deprecated,
effectively making privsep mandatory in sandboxing mode.
ok markus@ deraadt@

(note: this doesn't remove the !privsep code paths, though that will
happen eventually).


# 8915e95c 15-Aug-2016 naddy <naddy@openbsd.org>

Catch up with the SSH1 code removal and delete all mention of
protocol 1 particularities, key files and formats, command line
options, and configuration keywords from the server documentation
and examples. ok jmc@


# 2c243dd6 11-Jul-2016 tedu <tedu@openbsd.org>

obsolete note about fascistlogging is obsolete. ok djm dtucker


# 6cf7fd87 17-Feb-2016 djm <djm@openbsd.org>

make sandboxed privilege separation the default, not just for new
installs; "absolutely" deraadt@


# 50779363 06-Aug-2015 deraadt <deraadt@openbsd.org>

add prohibit-password as a synonym for without-password, since the
without-password is causing too many questions. Harden it to ban all
but pubkey, hostbased, and GSSAPI auth (when the latter is enabled)
from djm, ok markus


# 275150b9 30-Jul-2015 deraadt <deraadt@openbsd.org>

change default: PermitRootLogin without-password
matching install script changes coming as well
ok djm markus


# 727f4a1b 27-Apr-2015 djm <djm@openbsd.org>

Make sshd default to PermitRootLogin=no;
ok deraadt@ rpe@


# 386cc376 02-Feb-2015 deraadt <deraadt@openbsd.org>

increasing encounters with difficult DNS setups in darknets has
convinced me UseDNS off by default is better
ok djm


# 5bf2634b 10-Jan-2014 djm <djm@openbsd.org>

the /etc/ssh/ssh_host_ed25519_key is loaded by default too


# 20230816 29-Oct-2013 djm <djm@openbsd.org>

sshd_config PermitTTY to disallow TTY allocation, mirroring the
longstanding no-pty authorized_keys option;
bz#2070, patch from Teran McKinney; ok markus@


# 712a2b12 07-Sep-2013 sthen <sthen@openbsd.org>

Remove commented-out kerberos/gssapi config options from sample config,
kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
various people; ok deraadt@


# 53eed79d 16-May-2013 dtucker <dtucker@openbsd.org>

Add RekeyLimit to sshd with the same syntax as the client allowing rekeying
based on traffic volume or time. ok djm@, help & ok jmc@ for the man page.


# e3a5059c 06-Feb-2013 dtucker <dtucker@openbsd.org>

Change default of MaxStartups to 10:30:100 to start doing random early
drop at 10 connections up to 100 connections. This will make it harder
to DoS as CPUs have come a long way since the original value was set
back in 2000. Prompted by nion at debian org, ok markus@


# ed4ad9c0 30-Oct-2012 djm <djm@openbsd.org>

new sshd_config option AuthorizedKeysCommand to support fetching
authorized_keys from a command in addition to (or instead of) from
the filesystem. The command is run as the target server user unless
another specified via a new AuthorizedKeysCommandUser option.

patch originally by jchadima AT redhat.com, reworked by me; feedback
and ok markus@


# be6d2ad5 10-Jul-2012 djm <djm@openbsd.org>

Turn on systrace sandboxing of pre-auth sshd by default for new installs
by shipping a config that overrides the current UsePrivilegeSeparation=yes
default. Make it easier to flip the default in the future by adding too.
prodded markus@ feedback dtucker@ "get it in" deraadt@


# 8aa34bd2 12-Apr-2012 djm <djm@openbsd.org>

mention AuthorizedPrincipalsFile=none default


# 4ac8c3f5 12-Apr-2012 djm <djm@openbsd.org>

VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@


# 3d892b28 23-May-2011 djm <djm@openbsd.org>

allow AuthorizedKeysFile to specify multiple files, separated by spaces.
Bring back authorized_keys2 as a default search path (to avoid breaking
existing users of this file), but override this in sshd_config so it will
be no longer used on fresh installs. Maybe in 2015 we can remove it
entirely :)

feedback and ok markus@ dtucker@


# f9930b5f 06-May-2011 dtucker <dtucker@openbsd.org>

clarify language about overriding defaults. bz#1892, from Petr Cerny


# a7f102b9 06-Sep-2010 naddy <naddy@openbsd.org>

add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste <mattieu.b@gmail.com>
ok deraadt@


# 5c4b6541 08-Oct-2009 markus <markus@openbsd.org>

disable protocol 1 by default (after a transition period of about 10 years)
ok deraadt


# 025ef034 02-Jul-2008 djm <djm@openbsd.org>

increase default size of ssh protocol 1 ephemeral key from 768 to 1024
bits; prodded by & ok dtucker@ ok deraadt@

