release: Remove references to ChallengeResponseAuthentication

This sshd_config keyword was replaced by KbdInteractiveAuthentication in
openssh 8.7, though ChallengeResponseAuthentication is silently accepted
as an alias.  However, this means that the code in ec2.conf which
modifies a commented-out line no longer does anything.  Apply a minimal
fix.

Reviewed by:	cperciva, emaste
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34400

2 files changed, 3 insertions, 4 deletions

diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf
index f0665646088b..5be4937379a0 100644
--- a/release/tools/ec2.conf
+++ b/release/tools/ec2.conf
@@ -122,10 +122,9 @@ EOF
 	# historical "nvd" driver.
 	echo 'hw.nvme.use_nvd="0"' >> ${DESTDIR}/boot/loader.conf
 
-	# Disable ChallengeResponseAuthentication according to EC2
-	# requirements.
+	# Disable KbdInteractiveAuthentication according to EC2 requirements.
 	sed -i '' -e \
-		's/^#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' \
+		's/^#KbdInteractiveAuthentication yes/KbdInteractiveAuthentication no/' \
 		${DESTDIR}/etc/ssh/sshd_config
 
 	# Use FreeBSD Update and Portsnap mirrors hosted in AWS
diff --git a/release/tools/gce.conf b/release/tools/gce.conf
index 745477f0bc8e..74e7455cb9dd 100644
--- a/release/tools/gce.conf
+++ b/release/tools/gce.conf
@@ -70,7 +70,7 @@ EOF
 EOF
 
 	cat << EOF >> ${DESTDIR}/etc/ssh/sshd_config
-ChallengeResponseAuthentication no
+KbdInteractiveAuthentication no
 X11Forwarding no
 AcceptEnv LANG
 AllowAgentForwarding no