From owner-freebsd-hackers Mon Apr 22 19:53:11 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98]) by hub.freebsd.org (Postfix) with ESMTP id 6050C37B417; Mon, 22 Apr 2002 19:53:07 -0700 (PDT) Received: from winston.freebsd.org (jkh@localhost [127.0.0.1]) by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3N2r67W011671; Mon, 22 Apr 2002 19:53:06 -0700 (PDT) (envelope-from jkh@winston.freebsd.org) To: Robert Watson Cc: Oscar Bonilla , Anthony Schneider , Mike Meyer , hackers@FreeBSD.ORG Subject: Re: ssh + compiled-in SKEY support considered harmful? In-Reply-To: Message from Robert Watson of "Mon, 22 Apr 2002 22:41:02 EDT." Date: Mon, 22 Apr 2002 19:53:06 -0700 Message-ID: <11670.1019530386@winston.freebsd.org> From: Jordan Hubbard Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > That fix relies on the extensive PAM updates in -CURRENT however; in > -STABLE it can probably be similarly replicated via appropriate tweaking > of sshd (?). Why not fix it in stable by the very simple tweaking of the ChallengeResponseAuthentication to no in the sshd config file we ship Trust me, this question is going to come up a _lot_ for us otherwise. :( - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message