Date: Wed, 26 Jun 2002 10:54:53 -0400 (EDT) From: Ralph Huntington <rjh@mohawk.net> To: Benjamin Krueger <benjamin@seattleFenix.net> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Much ado about nothing. Message-ID: <20020626105132.E41820-100000@mohegan.mohawk.net> In-Reply-To: <20020626072326.A4270@mail.seattleFenix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
From: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584 ===================================================================== Administrators can remove this vulnerability [in shhd] by disabling the Challenge-Response authentication parameter within the OpenSSH daemon configuration file. To disable this parameter, locate the corresponding line [in the sshd config file] and change it to the line below [or add the line presumably]: ChallengeResponseAuthentication no This workaround will permanently remove the vulnerability. ===================================================================== Hoping someone can/will confirm the above... -=r=- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020626105132.E41820-100000>