Turn off ChallengeResponseAuthentication for EC2 AMIs, one of EC2's

requirements.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation

release/tools/ec2.conf

@@ -81,6 +81,12 @@ vm_extra_pre_umount() {
 	# Load the kernel module for the Amazon "Elastic Network Adapter"
 	echo 'if_ena_load="YES"' >> ${DESTDIR}/boot/loader.conf
 
+	# Disable ChallengeResponseAuthentication according to EC2
+	# requirements.
+	sed -i '' -e \
+		's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' \
+		${DESTDIR}/etc/ssh/sshd_config
+
 	# The first time the AMI boots, the installed "first boot" scripts
 	# should be allowed to run:
 	# * ec2_configinit (download and process EC2 user-data)