Date: Mon, 22 Apr 2002 23:12:15 -0400 From: Garance A Drosihn <drosih@rpi.edu> To: Peter Wemm <peter@wemm.org> Cc: Jordan Hubbard <jkh@winston.freebsd.org>, hackers@FreeBSD.ORG Subject: Re: ssh + compiled-in SKEY support considered harmful? Message-ID: <p05111701b8ea80ed3139@[128.113.24.47]> In-Reply-To: <20020423014031.8ACF638CC@overcee.wemm.org> References: <20020423014031.8ACF638CC@overcee.wemm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 6:40 PM -0700 4/22/02, Peter Wemm wrote:
>Mike Meyer wrote:
> > Jordan Hubbard <jkh@winston.freebsd.org> typed:
> > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter,
>>
>> Someone decided that FreeBSD should do challengeresponse
>> authentication by default. You can fix it by uncommenting the line
>> "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config.
>
>AHA! I've been wondering about this too. I cheated and set
>"Protocol 1,2" to avoid the whole issue.
The release notes at:
http://www.FreeBSD.org/releases/4.5R/errata.html
imply you can also fix this on the client side by adding the
line:
PreferredAuthentications publickey,password,keyboard-interactive
to your own ~/.ssh/config file (useful if you need to connect to
some machine where you can't change the /etc/ssh/sshd_config file).
Usually I wouldn't know these things, but I just happened to be
reading the errata notes a few minutes ago... :-)
--
Garance Alistair Drosehn = gad@gilead.netel.rpi.edu
Senior Systems Programmer or gad@freebsd.org
Rensselaer Polytechnic Institute or drosih@rpi.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05111701b8ea80ed3139>