db1e9749f5
EC2 instances are normally launched with an SSH public key specified, which is then used for logging in (by default, as 'ec2-user'). Having ChallengeResponseAuthentication enabled (as FreeBSD's default sshd_config does) has no functional effect in a new EC2 instance, since you can't log in using a password until a password has been set -- but having this enabled results in alerts from automated scanning tools which can detect that sshd advertises support for keyboard-interactive logins (since they can't detect that accounts have no password set). EC2 users who want to use passwords to log in to their instances will need to set 'ChallengeResponseAuthentication yes' in FreeBSD 12.0 and later. Discussed with: gjb, gtetlow, emaste, des Requested by: Amazon X-MFC: No Relnotes: ChallengeResponseAuthentication is turned off by default in Amazon EC2 AMIs. |
||
|---|---|---|
| .. | ||
| arm.subr | ||
| azure.conf | ||
| ec2.conf | ||
| gce.conf | ||
| openstack.conf | ||
| vagrant-virtualbox.conf | ||
| vagrant-vmware.conf | ||
| vagrant.conf | ||
| vmimage.subr | ||