upstream commit add prohibit-password as a synonymn for without-password, since the without-password is causing too many questions. Harden it to ban all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from djm, ok markus Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a

commit: 1dc8d93ce69d6565747eb44446ed117187621b26 [log] [tgz]
author: deraadt@openbsd.org <deraadt@openbsd.org> Thu Aug 06 14:53:21 2015 +0000
committer: Damien Miller <djm@mindrot.org> Tue Aug 11 18:57:29 2015 +1000
tree: 68e850b1c037c7d744836000527320d11b143168
parent: 90a95a4745a531b62b81ce3b025e892bdc434de5 [diff] [blame]
diff --git a/sshd_config b/sshd_config
index 46df162..4d77f05 100644
--- a/sshd_config
+++ b/sshd_config

@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.96 2015/07/30 19:23:02 deraadt Exp $
+#	$OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -41,7 +41,7 @@
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin without-password
+#PermitRootLogin prohibit-password
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
commit	1dc8d93ce69d6565747eb44446ed117187621b26	[log] [tgz]
author	deraadt@openbsd.org <deraadt@openbsd.org>	Thu Aug 06 14:53:21 2015 +0000
committer	Damien Miller <djm@mindrot.org>	Tue Aug 11 18:57:29 2015 +1000
tree	68e850b1c037c7d744836000527320d11b143168
parent	90a95a4745a531b62b81ce3b025e892bdc434de5 [diff] [blame]