[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Aw: debian-ssh@lists.debian.org in /usr/share/openssh/sshd_config

A  further note: the value for <ChallengeResponseAuthentication> is "no" in its default configuration. "man sshd_config" states "The default is yes.". Is this inconsistent?

Yours

Lopiuh
 
 

Gesendet: Sonntag, 22. Januar 2017 um 19:53 Uhr
Von: "foo fighter" <lopiuh@gmx.net>
An: debian-ssh@lists.debian.org
Betreff: debian-ssh@lists.debian.org in /usr/share/openssh/sshd_config
Hi,

ChallengeResponseAuthentication is one of the few configuration parameters which are not uncommented in its default state. Is this intentionally or shoud the line be uncommented in order to have a consistent default config file of the openssh-server in debian?

As far as I remember the default settings where explicit in the config file in the past (1) and now all implicit (uncomented) (2). This makes a big change for users who do not often check their configgfiles when the default are changed upstream or package-maintainer. New default is (1) not effective / (2) is effective.
(Assumed user did not change settings)

[...]
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
[...]

 
Thanks

Lopiuh
Reply to: