Updates keep overriding ssh security settings

This isn't really a question, but more of a complaint and a plea:

I have repeatedly -- with every update since 2010 -- had Apple override my ssh security settings with the default, less-secure settings of

#PasswordAuthentication yes

#ChallengeResponseAuthentication yes

#EnablePAM yes

These are not what I want, nor are they appropriate defaults, in my opinion, for any system. The defaults should be no, no, and no.

Can Apple PLEASE not overwrite the user's carefully considered sshd_config when making a system update? Every time, you've opened up security holes I had nailed closed.

Thanks in advance for doing it right in your next system update.

iMac, macOS Sierra (10.12.4), null

Posted on Apr 19, 2017 9:11 PM

17 replies

Hugh_Gibbons Author

Level 1

8 points

Apr 21, 2017 5:42 AM in response to Drew Reece

I'm pretty sure Mac OS is using /etc/ssh/sshd_config instead of /etc/sshd_config, at least on my machine, and it definitely gets updated.

Hugh_Gibbons Author

Level 1

8 points

Apr 21, 2017 5:49 AM in response to Hugh_Gibbons

also I get no receipts at all from 'pkgutil -v --files com.apple.BaseSystemBinaries'

That's with no filter.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Updates keep overriding ssh security settings

Welcome to Apple Support Community

A forum where Apple customers help each other with their products. Get started with your Apple Account.

Learn more Sign up