Changelog: http://www.openssh.org/txt/release-6.3
- Use options helpers where possible
- Use upstream patch mirror for x509 and HPN
- Update HPN patch to v14 and use upstream version
- Add option NONECIPHER to allow disabling NONE in HPN patch
- Update x509 patch from 7.4.1 to 7.6
- Add support for LDNS and enable by it and VerifyHostKeyDNS/SSHFP by default. See http://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html which describes this change, but is supported on releases before 10 as well with LDNS option.
- Update SCTP to patchlevel 2329
- Update recommendation on secure usage of SSH
- Add pkg-message warning about ECDSA key possibly being incorrect due to previously being written as DSA by the rc script and fixed in r299902 in 2012
To enable this port, add openssh_enable="YES" in your rc.conf. To
prevent conflict with openssh in the base system add sshd_enable="NO"
in your rc.conf. Also you can configure openssh at another TCP port (via
sshd_config 'Port' and 'Listen' options or via 'openssh_flags'
variable in rc.conf) and run it in same time with base sshd.

'PermitRootLogin no' is the default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system. Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.

Users are encouraged to create single-purpose users with ssh keys, disable
Password auth with 'PasswordAuthentication no' and define very narrow sudo
privileges instead of using root for automated tasks.
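Review bot: the first paragraph points readers at an sshd_config 'Listen' option, but the sshd_config keyword is ListenAddress, so a user copying the name as written will get a configuration error; suggest "sshd_config 'Port' and 'ListenAddress' options". In the last paragraph, 'PasswordAuthentication no' alone does not stop password logins where PAM keyboard-interactive is enabled, so the recommendation should also name 'ChallengeResponseAuthentication no'. The commit message lists a pkg-message warning about ECDSA host keys written as DSA by the rc script, but no such warning appears in the text shown here; please confirm it is included in the file.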