From owner-freebsd-hackers  Mon Apr 22 19:51:55 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from pintail.mail.pas.earthlink.net (pintail.mail.pas.earthlink.net [207.217.120.122])
	by hub.freebsd.org (Postfix) with ESMTP id 7ACB537B41A
	for <hackers@freebsd.org>; Mon, 22 Apr 2002 19:51:50 -0700 (PDT)
Received: from pool0527.cvx21-bradley.dialup.earthlink.net ([209.179.194.17] helo=mindspring.com)
	by pintail.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 16zqOv-0002Q5-00; Mon, 22 Apr 2002 19:51:29 -0700
Message-ID: <3CC4CC15.6DED09F8@mindspring.com>
Date: Mon, 22 Apr 2002 19:51:01 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Andrew <andrew@ugh.net.au>
Cc: Jordan Hubbard <jkh@winston.freebsd.org>, hackers@freebsd.org
Subject: Re: ssh + compiled-in SKEY support considered harmful?
References: <20020423113925.N45031-100000@starbug.ugh.net.au>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Andrew wrote:
> On Mon, 22 Apr 2002, Jordan Hubbard wrote:
> > We at Apple are noticing a strange problem with newer versions of
> > ssh (which has been upgraded to OpenSSH_3.1p1) and FreeBSD 4.5-STABLE's
> > sshd. This problem did not occur with our older ssh, but it also does not
> 
> It's just your settings. Issues like this really belong on -questions ;-)
> 
> You can put "ChallengeResponseAuthentication no" into ssh{,d}_config on
> either end.


I beg to differ.

When the default behaviour is changed, the dicussion belongs here,
since here is where the proplr who live who can change it back to
The Way It Is Supposed To Be By Default(tm).

IMO, you should have to:

	"Add ``ChallengeResponseAuthentication yes'' to get the
	 new behaviour"

NOT:

	"Add ``ChallengeResponseAuthentication no'' to get the
	 historical behaviour"

It's really damn annoying.  Maybe the intention was to subtlely
harass people who put passwords challenge/response pairs into
shell scripts, but the effect has been to unsubtlely harass
people who wire their typing of passwords into their medulla.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message