Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Jeremy C. Reed <>
From: Lubomir Sedlacik <>
List: tech-security
Date: 06/26/2002 18:35:32
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 26, 2002 at 09:25:34AM -0700, Jeremy C. Reed wrote:
> Can anyone quickly explain the challenge response based methods?
> I use conventional password authentication or PubkeyAuthentication, so I
> wonder if this ChallengeResponseAuthentication is even needed.

e.g. S/Key and BSD_AUTH, so unless you use one of them (NetBSD doesn't
support BSD_AUTH afaik), you can safely disable it.  Challenge method
means that you need to answer something back to a given question, e.g.
type OTP in S/Key negotiation.


-- Lubomir Sedlacik <>   ASCII Ribbon campaign against  /"\=
--                  <>   e-mail in gratuitous HTML and  \ /=
--                                       Microsoft proprietary formats   X =
-- PGPkey:                                  / \=
-- Key Fingerprint: DBEC 8BEC 9A90 ECEC 0FEF  716E 59CE B70B 7E3B 70E2     =

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (NetBSD)