Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: None <>
From: Jeremy C. Reed <>
List: tech-security
Date: 06/26/2002 09:44:11
> > Can anyone quickly explain the challenge response based methods?
> >
> > I use conventional password authentication or PubkeyAuthentication, so I
> > wonder if this ChallengeResponseAuthentication is even needed.
> e.g. S/Key and BSD_AUTH, so unless you use one of them (NetBSD doesn't
> support BSD_AUTH afaik), you can safely disable it.  Challenge method
> means that you need to answer something back to a given question, e.g.
> type OTP in S/Key negotiation.

Thank you Seth K. and Lubomir for the explanations. (I already understand
what it means generically. I guess I was just wondering if I ever needed
or used ChallengeResponseAuthentication in the first place.)

   Jeremy C. Reed