Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Jason R Thorpe <thorpej@wasabisystems.com>
From: Steven M. Bellovin <smb@research.att.com>
List: tech-security
Date: 06/26/2002 14:11:15
In message <20020626093857.X1614@dr-evil.shagadelic.org>, Jason R Thorpe writes:
>On Wed, Jun 26, 2002 at 08:44:54AM -0400, Mark E. Perkins wrote:
>
> > 2) In the interim, is it sufficient to enable UsePrivilegeSeparation (in
> > .../sshd_config) for 3.2.3p1, add the sshd user (which required creating
> > /var/empty)? Based on earlier comments in this thread, this seems to be
> > enough (I see an sshd-user-owned sshd when I connect with ssh).
>
>You can also set ChallengeResponseAuthentication to no (I would make
>sure SkeyAuthentication is also no) in the meantime.
>

I'm confused again.  sshd_config in 1.6beta3 has this:

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

which implies that they're the same option.  Or is it different on
other versions?  I checked 3.1 and 3.3.1.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)
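An added example, not code from the thread or from OpenSSH: a small audit that reads an sshd_config and reports which of the interim settings discussed above (UsePrivilegeSeparation, ChallengeResponseAuthentication, SkeyAuthentication) are not in effect. It follows sshd's own reading rules, so a commented line such as "#ChallengeResponseAuthentication yes" counts as documentation of the default and not as a setting, which is the distinction at the root of the confusion above. The sample config and the recommended values are constructed for this example.

```python
"""Audit an sshd_config for the interim mitigations discussed in the thread.

Added example (assumptions, not OpenSSH code). Lines beginning with '#' are
comments: the sshd_config shipped with OpenSSH leaves options commented out
to document their default, but sshd never reads such a line as a setting.
"""

# Values the thread recommends while waiting for a fixed sshd. The keyword
# names come from the messages above; SkeyAuthentication is the NetBSD name.
RECOMMENDED = {
    "useprivilegeseparation": "yes",
    "challengeresponseauthentication": "no",
    "skeyauthentication": "no",
}

# Constructed sample: a config edited as described in the quoted message,
# with the s/key line still only commented out (so it sets nothing).
SAMPLE_CONFIG = """\
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
UsePrivilegeSeparation yes
ChallengeResponseAuthentication no
Subsystem sftp /usr/libexec/sftp-server
"""


def parse_sshd_config(text):
    """Return {lowercased keyword: value} for active (uncommented) lines.

    Keywords are case-insensitive, and sshd keeps the first occurrence of a
    keyword, so a later duplicate does not override an earlier one.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment: sshd ignores it
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # keyword without a value: nothing to record
        settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings


def audit(text, recommended=RECOMMENDED):
    """Return (keyword, effective_value) pairs that differ from the
    recommendation. None means the keyword is unset, so sshd's compiled-in
    default applies and must be checked against the installed version."""
    active = parse_sshd_config(text)
    return [(key, active.get(key)) for key, want in recommended.items()
            if active.get(key) != want]


if __name__ == "__main__":
    for key, got in audit(SAMPLE_CONFIG):
        print(f"{key}: got {got!r}, want {RECOMMENDED[key]!r}")
```

On the sample above the audit reports only skeyauthentication as unset, because the commented ChallengeResponseAuthentication line is not a setting and the active one already says no.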