From owner-freebsd-current@FreeBSD.ORG Thu Feb 26 09:15:01 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2433716A4CE for ; Thu, 26 Feb 2004 09:15:01 -0800 (PST) Received: from fep04-mail.bloor.is.net.cable.rogers.com (fep04-mail.bloor.is.net.cable.rogers.com [66.185.86.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id A104643D2D for ; Thu, 26 Feb 2004 09:15:00 -0800 (PST) (envelope-from mikej@rogers.com) Received: from win2000 ([63.139.3.63]) by fep04-mail.bloor.is.net.cable.rogers.comESMTP <20040226171444.ILLR435635.fep04-mail.bloor.is.net.cable.rogers.com@win2000>; Thu, 26 Feb 2004 12:14:44 -0500 From: "Mike Jakubik" To: =?iso-8859-1?Q?'Dag-Erling_Sm=F8rgrav'?= Date: Thu, 26 Feb 2004 12:15:33 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook, Build 11.0.5510 In-Reply-To: Thread-Index: AcP8XedY493DPxWDQni76hTlf2EUYQALZRoA X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Authentication-Info: Submitted using SMTP AUTH LOGIN at fep04-mail.bloor.is.net.cable.rogers.com from [63.139.3.63] using ID at Thu, 26 Feb 2004 12:14:44 -0500 Message-Id: <20040226171444.ILLR435635.fep04-mail.bloor.is.net.cable.rogers.com@win2000> cc: current@freebsd.org Subject: RE: sshd_config 1.35 commit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Feb 2004 17:15:01 -0000 > -----Original Message----- > From: owner-freebsd-current@freebsd.org=20 > [mailto:owner-freebsd-current@freebsd.org] On Behalf Of=20 > Dag-Erling Sm=F8rgrav > Sent: Thursday, February 26, 2004 6:44 AM > To: Mike Jakubik > Cc: current@freebsd.org > Subject: Re: sshd_config 1.35 commit >=20 > "Mike Jakubik" writes: > > I have built world recently, only to find out I cant=20 > log into my=20 > > server via ssh anymore. Am I the only one that thinks disabling=20 > > password authentication in default sshd is a stupid idea? >=20 > Yes. Password authentication allows the client to circumvent=20 > PAM policies. If your client doesn't support=20 > keyboard-interactive, get a better client (hint: putty). >=20 > DES When choosing ssh v2 and keyboard-interactive authentication in = SecureCRT I have to enter the password twice (it doesn=92t work the first time) and = I can not save the password. You think this is better than the old behavior? = What better ssh software is there than SecureCRT? I don=92t like putty. I'm = not going to memorize all my clients logins, and waste time typing them in. = It=92s a pain in the ass and a waste of time. How come this PAM circumvention wasn=92t a problem before? We've always been using password logins.