Turn off ChallengeResponseAuthentication for EC2 AMIs, one of EC2's

requirements. MFC after: 3 days Sponsored by: The FreeBSD Foundation
svn path=/head/; revision=321659
2017-07-28 18:27:30 +00:00 · 2017-07-28 18:27:30 +00:00 · 5941ae31e0 · 2020-12-20 02:59:44 +00:00
commit 5941ae31e0
parent 4b5e2f8ea0
1 changed files with 6 additions and 0 deletions
--- a/release/tools/ec2.conf
+++ b/release/tools/ec2.conf
@ -81,6 +81,12 @@ vm_extra_pre_umount() {
 	# Load the kernel module for the Amazon "Elastic Network Adapter"
 	echo 'if_ena_load="YES"' >> ${DESTDIR}/boot/loader.conf

+	# Disable ChallengeResponseAuthentication according to EC2
+	# requirements.
+	sed -i '' -e \
+		's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' \
+		${DESTDIR}/etc/ssh/sshd_config
+
 	# The first time the AMI boots, the installed "first boot" scripts
 	# should be allowed to run:
 	# * ec2_configinit (download and process EC2 user-data)