From: "Steve Bernard"
Subject: RE: SSHD for protocol version 2 changed?
Date: Mon, 5 Aug 2002 13:22:58 -0400

'ChallengeResponseAuthentication' controls the use of S/Key as an authentication method. Disabling this is also the easy way to stop the recent SSH vulnerability from being exploited.

Steve

-----Original Message-----
From: owner-freebsd-stable@FreeBSD.ORG [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of John
Sent: Friday, August 02, 2002 1:01 PM
To: stable@FreeBSD.ORG
Cc: Thomas Seck
Subject: Re: SSHD for protocol version 2 changed?

For the second time since vers. 4.4, I let mergemaster overwrite my sshd_config file (since the file has changed quite a bit)... Then I started getting the problem with putty. So I did a diff on the files, and found that changing one line in my sshd_config file fixes the issue.

The default sshd_config file contains:

    # change to no to disable PAM authentication
    #ChallengeResponseAuthentication yes

I simply changed it to read:

    # change to no to disable PAM authentication
    ChallengeResponseAuthentication no

It fixes putty... which allows me to connect from work. Can someone tell me what security I'm giving up by doing this?

Thanks!

John (Still a FreeBSD Newb).

----- Original Message -----
From: "Thomas Seck"
Sent: Thursday, August 01, 2002 2:32 PM
Subject: Re: SSHD for protocol version 2 changed?

> * Rob B (rbyrnes@ozemail.com.au):
>
> > A question was raised in this thread about what triggers the illegal
> > operation in PuTTY when connecting.
> >
> > Compression OFF + Keyboard interactive OFF = OK
> > Compression ON + Keyboard interactive OFF = OK
> > Compression OFF + Keyboard interactive ON = dead PuTTY
> > Compression ON + Keyboard interactive ON = dead PuTTY
>
> Strange, I tried but I cannot confirm this.
>
> PuTTY 0.52 on Windows XP against OpenSSH 3.4p1 FreeBSD-20020702 from a
> system built on July 20 works fine here with every combination of
> authentication method, compression, encryption algorithm, and "Keyboard
> Interactive"-ness I could think of.
>
> > So as I stated in a previous mail - it doesn't matter whether you use
> > compression on the ssh session, it's the keyboard interactive bit that
> > kills PuTTY.
>
> Hm, not here. Seems to be a bit more complicated.
>
> --
> Thomas Seck
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
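
An added example, not part of the thread and not FreeBSD or OpenSSH code: a shell check that reports which ChallengeResponseAuthentication value is in effect in an sshd_config-style file, covering the commented-out default that the change above replaced. It assumes the default is "yes" when no uncommented line sets the keyword (as the commented default quoted in the thread suggests) and relies on sshd keeping the first value it reads for a keyword; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ChallengeResponseAuthentication in an sshd_config file.

# Print the effective value ("yes" or "no") for the file given as $1.
effective_cra() {
    awk '
        $1 ~ /^#/ { next }          # a commented line sets nothing
        tolower($1) == "challengeresponseauthentication" {
            print tolower($2)       # keywords are case-insensitive
            found = 1
            exit                    # sshd keeps the first value it reads
        }
        END { if (!found) print "yes" }   # assumed default (see lead-in)
    ' "$1"
}

# Report the value and return 0 only when challenge-response auth is off.
audit_cra() {
    v=$(effective_cra "$1")
    echo "$1: ChallengeResponseAuthentication $v"
    [ "$v" = "no" ]
}

# Constructed sample files: the shipped default, the edited file from the
# thread, and a file where a later "no" is shadowed by an earlier "yes".
demo_dir=$(mktemp -d)
printf '%s\n' '# change to no to disable PAM authentication' \
    '#ChallengeResponseAuthentication yes' > "$demo_dir/default"
printf '%s\n' '# change to no to disable PAM authentication' \
    'ChallengeResponseAuthentication no' > "$demo_dir/changed"
printf '%s\n' 'challengeresponseauthentication yes' \
    'ChallengeResponseAuthentication no' > "$demo_dir/duplicate"

for f in default changed duplicate; do
    audit_cra "$demo_dir/$f" || echo "  -> challenge-response auth still enabled"
done
```

The third sample shows why appending a "no" line to the end of a merged file is not enough when an earlier uncommented line already sets the keyword.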