25a26
> ChallengeResponseAuthentication no
29,30c30,33
< Include /etc/ssh/sshd_config.d/*.conf
< KbdInteractiveAuthentication no
---
> Include sshd_config.d/*.conf
> PasswordAuthentication no
> PermitRootLogin yes
> PubkeyAuthentication yes
Which breaks down to:
ChallengeResponseAuthentication is an alias for KbdInteractiveAuthentication -> equivalent result
The Include states are also equivalent
PubkeyAuthentication yes is the default -> no effect
The default for PermitRootLogin is prohibit-password, which means password based login is disabled for root. As we only have a root user this means the behavior of the default config is again equivalent with our config.
As of langdale
Include /etc/ssh/sshd_config.d/*.confis part of the defaultsshd_config, which means we can deploy custom config via drop-in files.This change prompted me to have a look which config options should go into such a drop in file.
A diff between:
yields:
Which breaks down to:
ChallengeResponseAuthenticationis an alias forKbdInteractiveAuthentication-> equivalent resultIncludestates are also equivalentPubkeyAuthentication yesis the default -> no effectPermitRootLoginisprohibit-password, which means password based login is disabled for root. As we only have a root user this means the behavior of the default config is again equivalent with our config.Drop the custom config for easier maintainance.