tech-security: Re: OpenSSH Priv Sep and Remote Exploit?

Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Steven M. Bellovin <smb@research.att.com>
From: Jason R Thorpe <thorpej@wasabisystems.com>
List: tech-security
Date: 06/26/2002 11:28:19

On Wed, Jun 26, 2002 at 02:11:15PM -0400, Steven M. Bellovin wrote:

 > I'm confused again.  sshd_config in 1.6beta3 has this:
 > 
 > # Change to no to disable s/key passwords
 > #ChallengeResponseAuthentication yes
 > 
 > which implies that they're the same option.  Or is it different on 
 > other versions?  I checked 3.1 and 3.3.1.

Hm, they used to be different, I thought.  I could be mistaken.

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>