Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: None <>
From: Jarle Greipsland <>
List: tech-security
Date: 06/26/2002 20:37:18
Jason R Thorpe <> writes:
> It's completely absurd that the OpenSSH people recommended blind upgrades
> to a PrivSep version of OpenSSH, rather than just suggesting to people that
> they disable ChallengeResponseAuthentication.

Bus is it sufficient to disable ChallengeResponseAuthentication
in the configuration file?  Or does one also have to disable the
feature(s) when compiling the sshd program?