Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: None <>
From: Jeremy C. Reed <>
List: tech-security
Date: 06/26/2002 09:25:34
Can anyone quickly explain the challenge response based methods?

I use conventional password authentication or PubkeyAuthentication, so I
wonder if this ChallengeResponseAuthentication is even needed.

(Also, on some Debian "stable" boxes I was still using Debian packaged
patched version of 1.2.3, so I guess I wasn't even vulnerable.)

   Jeremy C. Reed