From owner-freebsd-security  Thu Jun 27  4:54:48 2002
Delivered-To: freebsd-security@freebsd.org
Received: from bran.mc.mpls.visi.com (bran.mc.mpls.visi.com [208.42.156.103])
	by hub.freebsd.org (Postfix) with ESMTP id A9DBA37B400
	for <freebsd-security@FreeBSD.ORG>; Thu, 27 Jun 2002 04:54:42 -0700 (PDT)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193])
	by bran.mc.mpls.visi.com (Postfix) with ESMTP
	id 85DC54D08; Thu, 27 Jun 2002 06:54:41 -0500 (CDT)
Received: (from hawkeyd@localhost)
	by sheol.localdomain (8.11.6/8.11.6) id g5RBsZZ03808;
	Thu, 27 Jun 2002 06:54:35 -0500 (CDT)
	(envelope-from hawkeyd)
Date: Thu, 27 Jun 2002 06:54:35 -0500
From: D J Hawkey Jr <hawkeyd@visi.com>
To: "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
Cc: Steve Ames <steve@energistic.com>,
	Dag-Erling Smorgrav <des@ofug.org>, freebsd-security@FreeBSD.ORG
Subject: Re: CERT (Was: Re: NUTS! "Much ado about nothing" -- I need a clearer up or down)
Message-ID: <20020627065435.A3772@sheol.localdomain>
Reply-To: hawkeyd@visi.com
References: <UqmS8.2068$eH2.1608821@ruti.visi.com> <200206261711.g5QHB9t00396@sheol.localdomain> <xzpr8itxzgm.fsf@flood.ping.uio.no> <20020626210055.A2065@sheol.localdomain> <20020627022949.GA55324@energistic.com> <20020626214957.A2165@sheol.localdomain> <88624007.20020627130948@internethelp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <88624007.20020627130948@internethelp.ru>; from nkritsky@internethelp.ru on Thu, Jun 27, 2002 at 01:09:48PM +0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Jun 27, at 01:09 PM, Nickolay A. Kritsky wrote:
> 
> DJHJ> See below for some observations. For brevity's sake, I've snipped irrelevant
> DJHJ> text.
> 
> for brevity's sake I've snipped even more
> 
> <snip>
> 
> >> Disable PAM authentication via interactive keyboard
> >> 
> >>    [SNIP]
> >> 
> >>           PAMAuthenticationViaKbdInt no
> 
> DJHJ> No such animal with the OpenSSH version in RELENG_4_5.
> 
> I don't know which version of OpenSSH is used in RELENG_4_5, but for
> those of you, who run OpenSSH_2.9.9p2, this is what you should know:
> such option exists, and according to man page is turned off by
> default.

OpenSSH in RELENG_4_5 (FreeBSD 4.5-RELEASE[-pN]) is OpenSSH_2.9.
To reiterate, all that has to be done for this version is turn off
"ChallengeResponseAuthentication".

> ; NKritsky

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message