1--- sshd_config.5.orig 2026-04-25 16:05:26.905238000 -0700 2+++ sshd_config.5 2026-04-25 16:16:59.050604000 -0700 3@@ -789,7 +789,9 @@ This was formerly named HostbasedAcceptedKeyTypes. 4 .Qq ssh -Q HostbasedAcceptedAlgorithms . 5 This was formerly named HostbasedAcceptedKeyTypes. 6 .It Cm HostbasedAuthentication 7-Specifies whether rhosts or /etc/hosts.equiv authentication together 8+Specifies whether rhosts or 9+.Pa /etc/hosts.equiv 10+authentication together 11 with successful public key client host authentication is allowed 12 (host-based authentication). 13 The default is 14@@ -1489,7 +1491,7 @@ The default is 15 or 16 .Cm no . 17 The default is 18-.Cm prohibit-password . 19+.Cm no . 20 .Pp 21 If this option is set to 22 .Cm prohibit-password 23@@ -1535,6 +1537,15 @@ The default is 24 .Cm ethernet . 25 The default is 26 .Cm no . 27+Note that if 28+.Cm ChallengeResponseAuthentication 29+is 30+.Cm yes , 31+the root user may be allowed in with its password even if 32+.Cm PermitRootLogin is set to 33+.Cm prohibit-password 34+or 35+.Cm without-password . 36 .Pp 37 Independent of this setting, the permissions of the selected 38 .Xr tun 4 39@@ -2062,12 +2073,19 @@ The default is 40 .Xr sshd 8 41 as a non-root user. 42 The default is 43+.Cm yes , 44+unless 45+.Nm sshd 46+was built without PAM support, in which case the default is 47 .Cm no . 48 .It Cm VersionAddendum 49 Optionally specifies additional text to append to the SSH protocol banner 50 sent by the server upon connection. 51 The default is 52-.Cm none . 53+.Cm %%SSH_VERSION_FREEBSD_PORT%% . 54+The value 55+.Cm none 56+may be used to disable this. 57 .It Cm X11DisplayOffset 58 Specifies the first display number available for 59 .Xr sshd 8 Ns 's 60