[TriLUG] Re: OpenSSH Security Advisory (adv.iss)
Tom 'spot' Callaway
tcallawa at redhat.com
Wed Jun 26 15:11:01 EDT 2002
On Wed, 2002-06-26 at 15:19, Chris Merrill wrote:
> Brian Daniels wrote:
> >> Disable ChallengeResponseAuthentication in sshd_config.
> >
> > Note that the 'short-term solution' is an _easy_ fix. Just edit
> > sshd_config and restart sshd. Do it now, then watch for your vendor to
> > issue an update if you're uncomfortable with compiling OpenSSH yourself.
>
> Just to make sure I've got this right, my config file says:
>
> #ChallengeResponseAuthentication yes
>
> but it doesn't say what default value is...and it's commented out.
> I don't think I've changed this value...so I assume this is the
> way it appears in the config at installation (RH 7.2).
>
> I think I should change this to:
>
> ChallengeResponseAuthentication no
>
> Correct?
> Was the default value for this setting 'yes'?
No, the default value is no. ChallengeResponseAuthentication is only
used for things like s/key. You'd know if you turned it on.
~spot
---
Tom "spot" Callaway <tcallawa at redhat.com> Red Hat Sales Engineer
Sair Linux and GNU Certified Administrator (LCA)
Red Hat Certified Engineer (RHCE)
GPG: D786 8B22 D9DB 1F8B 4AB7 448E 3C5E 99AD 9305 4260
The words and opinions reflected in this message do not necessarily
reflect those of my employer, Red Hat, and belong solely to me.
"Immature poets borrow, mature poets steal." --- T. S. Eliot
More information about the TriLUG
mailing list