d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4ba35bc4db
freebsd-dev/release
History
Colin Percival 4ba35bc4db Resurrect r321659: Turn off ChallengeResponseAuthentication for EC2 AMIs. 
EC2 instances are normally launched with an SSH public key specified,
which is then used for logging in (by default, as 'ec2-user').  Having
ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config
does) has no functional effect in a new EC2 instance, since you can't log
in using a password until a password has been set -- but having this
enabled results in alerts from automated scanning tools which can detect
that sshd advertises support for keyboard-interactive logins (since they
can't detect that accounts have no password set).

EC2 users who want to use passwords to log in to their instances will need
to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later.

Discussed with:	gjb, gtetlow, emaste, des
Requested by:	Amazon
X-MFC:		No
Relnotes:	ChallengeResponseAuthentication is turned off by default in
		Amazon EC2 AMIs.
2017-12-05 09:08:48 +00:00
..
amd64 Add general configuration files used by release/release.sh for 2017-11-17 18:00:52 +00:00
arm Sort variables for consistency. 2017-11-17 17:36:45 +00:00
arm64 Use chroot(8) when invoking realpath(1) when setting BOOTFILES, 2017-11-20 15:03:03 +00:00
i386 Add general configuration files used by release/release.sh for 2017-11-17 18:00:52 +00:00
packages Add missing call to services_mkdb to build the services.db 2017-11-19 02:16:11 +00:00
picobsd spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
pkg_repos Update the pkg-stage target to be more compatible with pkg-1.2: 2014-01-16 16:12:09 +00:00
powerpc Add general configuration files used by release/release.sh for 2017-11-17 18:00:52 +00:00
scripts Rework r325076: Just use the pre-existing OBJDIR. 2017-11-05 22:29:34 +00:00
sparc64 Add general configuration files used by release/release.sh for 2017-11-17 18:00:52 +00:00
tools Resurrect r321659: Turn off ChallengeResponseAuthentication for EC2 AMIs. 2017-12-05 09:08:48 +00:00
Makefile Run mm-mtree with whatever -j value the build is using. 2017-10-31 00:03:29 +00:00
Makefile.azure Remove the HH-MM suffix from the build date suffix. 2015-07-01 14:51:26 +00:00
Makefile.ec2 Turn on support for the Amazon "Elastic Network Adapter" in EC2 AMIs. 2017-05-25 19:02:54 +00:00
Makefile.gce Fix GCE image publication. The gcutil utility is deprecated in favor 2016-08-05 19:00:45 +00:00
Makefile.mirrors Update the GUMSTIX image build to use arm/arm TARGET/TARGET_ARCH. 2017-11-13 19:31:51 +00:00
Makefile.vagrant Add some comments with examples on how to build Vagrant images. 2017-02-01 16:15:23 +00:00
Makefile.vm Ensure ${_CW} is uppercase when passing '-c' to mk-vmimage.sh, 2017-06-06 14:08:54 +00:00
rc.local Remove pc98 support completely. 2017-01-28 02:22:15 +00:00
release.conf.sample Correct a comment after r326330. 2017-11-28 18:08:14 +00:00
release.sh Fix port build flags passed to make(1) after r326315, where 2017-11-30 20:53:57 +00:00