From nobody Wed Oct 19 13:01:32 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MsrTS2rHqz4fv8F; Wed, 19 Oct 2022 13:01:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MsrTS2RBRz3Fk7; Wed, 19 Oct 2022 13:01:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1666184492; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EK1BAp5VaURDs8CC/5Uw4DZeJqQ4iQ1gZa1EVxPfAWc=; b=HoSV2esSgE00gun8KsgWVcauBAmHjdc/U06uVMFH44m/6TcdXMf18KqDBrej/p8fkanNVu 5MN1RsLcBfHlMTUG+fgIj29I4lhwwYL3mxaJCJlzl7aLIZ2vuUckIFQ0TglmewbxCC9BOa HqKFhvbXNVI+7SLfvHAujW8Zb0obRNANIfRQrqC/fLoRdvA7UkmjtcPWjiGm35cOAxGG97 GF6SCR3ltROAzrenzengH3C9ehS1vVAWGumqtyhsiOpie2oxL45FJxY6t/UztXb+pteYvi psdQHszeapnem44k72Stf6K8CyCIiuKymcORtow5zIBwKpmpvV2LVq9tnjGS+g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MsrTS1TbJzXh9; Wed, 19 Oct 2022 13:01:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 29JD1Wha045901; Wed, 19 Oct 2022 13:01:32 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 29JD1WUO045900; Wed, 19 Oct 2022 13:01:32 GMT (envelope-from git) Date: Wed, 19 Oct 2022 13:01:32 GMT Message-Id: <202210191301.29JD1WUO045900@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 48128454f0c4 - stable/12 - nanobsd: remove unmodified copies of ssh config files List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 48128454f0c4e27b5b586b988ff916644f02a8b2 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1666184492; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EK1BAp5VaURDs8CC/5Uw4DZeJqQ4iQ1gZa1EVxPfAWc=; b=TprSW/tl5KBcSOPRpWCccR3hellRroLpALoz32z5Yqaw5rXG9L+fZA5jsZ0FRE0a00Agxx Eojl1l0PNioB2g0AOSK7JPV/XBimUcVI/c5McV4+XKKJryOP2aPgP+O10tuNAjXuQycNCU yTRHhqux1MWUp9yieMrXOF/m2Y40MF9hyusGI9Zk0YalJfs9ri+34mJe3gsGIvA9mvVyp1 52TtZ+nZgtOu/L2zPLC5xWPO/LINUCbrgtpYwoPZknST7dUMxZgYwff1GQUIPh0RhoOW0o HUw050HVq7yv2Nj9u02SihcQYixM/m62dvRXHD9KDS6x9bUi2aycMXdhElbiCw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1666184492; a=rsa-sha256; cv=none; b=DReWDydlu1oSEl7zAGe/M4zUp7tuaB5I689MBPgLPRAltolJS3O+nHj0wI6VfsqC7+EB7w n4TQC0xdeYFisZYefw3zE/FzSoZ90KzYP2u7KHlsRA7lYjN48tBGlbwD0e62AW+WACCW95 VlptkE4FEYilMwTWUXjaNU+e22t1OAM0jVm/lumU8EkNttfhCCrXJtIrWv+KXn2fw0LZHO GLVRWQE4mg8oMvsktIRsG128wWo7hglH4u+rVjBiUyu5Rz1zoAFGDGQl6gIGqWcgNOM9Em 5a/Az/IvCKW0o+nfDzRUMhz4sQGO6J67e50Z4LME5PnAsGj1O5cRuHQphuVqJg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=48128454f0c4e27b5b586b988ff916644f02a8b2 commit 48128454f0c4e27b5b586b988ff916644f02a8b2 Author: Ed Maste AuthorDate: 2022-04-13 21:04:33 +0000 Commit: Ed Maste CommitDate: 2022-10-19 13:01:22 +0000 nanobsd: remove unmodified copies of ssh config files Nanobsd included copies of ssh_config and sshd_config. The former is identical to the one provided by the base system, and the latter is identical except for PermitRootLogin, which is updated by nanobsd's cust_allow_ssh_root anyhow. Remove nanobsd's copies and use the existing base system ones. Reported by: Jose Luis Duran in D34937 Reviewed by: Jose Luis Duran , imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36933 (cherry picked from commit 42942998437d9304110e39b04552853729aa498e) (cherry picked from commit 6e6c45e66f68e68b451a27430f51a687e00bad15) (cherry picked from commit a1e39f96d244fe30a3277c9cefbfd23e046cf845) (cherry picked from commit a8925e0e578f355a201f81bf52161d6312826911) --- crypto/openssh/FREEBSD-upgrade | 9 +- .../tools/nanobsd/rescue/Files/etc/ssh/ssh_config | 49 --------- .../tools/nanobsd/rescue/Files/etc/ssh/sshd_config | 121 --------------------- 3 files changed, 2 insertions(+), 177 deletions(-) diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 3ec063a5923d..50ef62d3fec6 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -103,16 +103,11 @@ something significant changes or if ssh_namespace.h is out of whack. -12) Update nanobsd's copies of the ssh config files: - - tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config - tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config - -13) Check for references to obsolete configuration options +12) Check for references to obsolete configuration options (e.g., ChallengeResponseAuthentication in sshd_config) which may exist in release/ scripts. -14) Commit, and hunker down for the inevitable storm of complaints. +13) Commit, and hunker down for the inevitable storm of complaints. diff --git a/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config b/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config deleted file mode 100644 index 3b2ca9aa6d8d..000000000000 --- a/tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config +++ /dev/null @@ -1,49 +0,0 @@ -# $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $ -# $FreeBSD$ - -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. - -# Host * -# ForwardAgent no -# ForwardX11 no -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# BatchMode no -# CheckHostIP no -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# IdentityFile ~/.ssh/id_ecdsa -# IdentityFile ~/.ssh/id_ed25519 -# Port 22 -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no -# VisualHostKey no -# ProxyCommand ssh -q -W %h:%p gateway.example.com -# RekeyLimit 1G 1h -# UserKnownHostsFile ~/.ssh/known_hosts.d/%k -# VerifyHostKeyDNS yes -# VersionAddendum FreeBSD-20211221 diff --git a/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config b/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config deleted file mode 100644 index 81ff5a66d22c..000000000000 --- a/tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config +++ /dev/null @@ -1,121 +0,0 @@ -# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ -# $FreeBSD$ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -# Note that some of FreeBSD's defaults differ from OpenBSD's, and -# FreeBSD has a few additional options. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# Change to yes to enable built-in password authentication. -#PasswordAuthentication no -#PermitEmptyPasswords no - -# Change to no to disable PAM authentication -#KbdInteractiveAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'no' to disable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the KbdInteractiveAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and KbdInteractiveAuthentication to 'no'. -#UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#UseBlacklist no -#VersionAddendum FreeBSD-20211221 - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server