From owner-freebsd-hackers Mon Apr 22 20:12:31 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 1A16937B417 for ; Mon, 22 Apr 2002 20:12:29 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.12.1/8.12.1) with ESMTP id g3N3CG2D561692; Mon, 22 Apr 2002 23:12:27 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20020423014031.8ACF638CC@overcee.wemm.org> References: <20020423014031.8ACF638CC@overcee.wemm.org> Date: Mon, 22 Apr 2002 23:12:15 -0400 To: Peter Wemm From: Garance A Drosihn Subject: Re: ssh + compiled-in SKEY support considered harmful? Cc: Jordan Hubbard , hackers@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Scanned-By: MIMEDefang 2.3 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG At 6:40 PM -0700 4/22/02, Peter Wemm wrote: >Mike Meyer wrote: > > Jordan Hubbard typed: > > > My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, >> >> Someone decided that FreeBSD should do challengeresponse >> authentication by default. You can fix it by uncommenting the line >> "#ChallengeResponseAuthentication no" in /etc/ssh/sshd_config. > >AHA! I've been wondering about this too. I cheated and set >"Protocol 1,2" to avoid the whole issue. The release notes at: http://www.FreeBSD.org/releases/4.5R/errata.html imply you can also fix this on the client side by adding the line: PreferredAuthentications publickey,password,keyboard-interactive to your own ~/.ssh/config file (useful if you need to connect to some machine where you can't change the /etc/ssh/sshd_config file). Usually I wouldn't know these things, but I just happened to be reading the errata notes a few minutes ago... :-) -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message