Re: Much ado about nothing.

From: Ralph Huntington (rjh@mohawk.net)
Date: 06/26/02


Date: Wed, 26 Jun 2002 10:54:53 -0400 (EDT)
From: Ralph Huntington <rjh@mohawk.net>
To: Benjamin Krueger <benjamin@seattleFenix.net>

From:

http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20584

=====================================================================
Administrators can remove this vulnerability [in shhd] by disabling the
Challenge-Response authentication parameter within the OpenSSH daemon
configuration file.

To disable this parameter, locate the corresponding line [in the sshd
config file] and change it to the line below [or add the line presumably]:

ChallengeResponseAuthentication no

This workaround will permanently remove the vulnerability.
=====================================================================

Hoping someone can/will confirm the above...

-=r=-

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages