Re: Much ado about nothing.

From: Ralph Huntington (
Date: 06/26/02

Date: Wed, 26 Jun 2002 10:54:53 -0400 (EDT)
From: Ralph Huntington <>
To: Benjamin Krueger <>


Administrators can remove this vulnerability [in shhd] by disabling the
Challenge-Response authentication parameter within the OpenSSH daemon
configuration file.

To disable this parameter, locate the corresponding line [in the sshd
config file] and change it to the line below [or add the line presumably]:

ChallengeResponseAuthentication no

This workaround will permanently remove the vulnerability.

Hoping someone can/will confirm the above...


To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages