release: Remove references to ChallengeResponseAuthentication

This sshd_config keyword was replaced by KbdInteractiveAuthentication in
openssh 8.7, though ChallengeResponseAuthentication is silently accepted
as an alias.  However, this means that the code in ec2.conf which
modifies a commented-out line no longer does anything.  Apply a minimal
fix.

Reviewed by:	cperciva, emaste
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit c1b656ac55eca1fc191225bd715b31ff25be9031)

diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf
index bb972c456fbc17878e2891f4fdabcb396666aa0e..c5eef404bf3bade8c2d507ff51592c48823d9180 100644 (file)
--- a/release/tools/ec2.conf
+++ b/release/tools/ec2.conf
@@ -120,10 +120,9 @@ EOF
        # historical "nvd" driver.
        echo 'hw.nvme.use_nvd="0"' >> ${DESTDIR}/boot/loader.conf
 
-       # Disable ChallengeResponseAuthentication according to EC2
-       # requirements.
+       # Disable KbdInteractiveAuthentication according to EC2 requirements.
        sed -i '' -e \
-               's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' \
+               's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
                ${DESTDIR}/etc/ssh/sshd_config
 
        # Use FreeBSD Update and Portsnap mirrors hosted in AWS

diff --git a/release/tools/gce.conf b/release/tools/gce.conf
index 113784a7643ec3c3907312ce63319a1f92e50ad4..903f1e0730658cb77cf32da1d047792f22957fd8 100644 (file)
--- a/release/tools/gce.conf
+++ b/release/tools/gce.conf
@@ -69,7 +69,7 @@ EOF
 EOF
 
        cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config
-ChallengeResponseAuthentication no
+KbdInteractiveAuthentication no
 X11Forwarding no
 AcceptEnv LANG
 AllowAgentForwarding no