From owner-freebsd-hackers  Tue Apr 23 13: 6: 1 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98])
	by hub.freebsd.org (Postfix) with ESMTP id 5BCAE37B425
	for <hackers@freebsd.org>; Tue, 23 Apr 2002 13:05:12 -0700 (PDT)
Received: from winston.freebsd.org (jkh@localhost [127.0.0.1])
	by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3NK597W013904;
	Tue, 23 Apr 2002 13:05:09 -0700 (PDT)
	(envelope-from jkh@winston.freebsd.org)
To: Terry Lambert <tlambert2@mindspring.com>
Cc: hackers@freebsd.org
Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) 
In-Reply-To: Message from Terry Lambert <tlambert2@mindspring.com> 
   of "Tue, 23 Apr 2002 12:00:36 PDT." <3CC5AF54.8FB22B16@mindspring.com> 
Date: Tue, 23 Apr 2002 13:05:09 -0700
Message-ID: <13903.1019592309@winston.freebsd.org>
From: Jordan Hubbard <jkh@winston.freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

FWIW, I agree with you, but I'm more interested in fixing this right
now than I am in chasing the OpenSSH maintainers around with patches
(unless we've already forked - have we?).  I'll also be happy to
change this twice if it turns out that getting the change into OpenSSH
is easier than I thought, but I don't want just having this be fixed
contingent on that.

- Jordan

> Jordan Hubbard wrote:
> > I'm going to commit the following in 48 hours unless someone can
> > convince me that it's a good idea for FreeBSD to be the odd-OS out
> > with respect to this behavior:
> 
> [ ... ]
> 
> > -# Uncomment to disable s/key passwords
> > -#ChallengeResponseAuthentication no
> > +# Comment out to enable s/key passwords
> > +ChallengeResponseAuthentication no
> 
> IMO, the default, in the absence of an option, should be "no".
> 
> So the patch should both set the default in the source code, and
> change the file, like so:
> 
> -# Uncomment to disable s/key passwords
> -#ChallengeResponseAuthentication no
> +# Uncomment to enable s/key passwords
> +#ChallengeResponseAuthentication yes
> 
> -- Terry


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message