Re: Upcoming OpenSSH vulnerability

From: Mike Iglesias (
Date: 06/27/02

From: (Mike Iglesias)
Date: 26 Jun 2002 23:29:41 GMT

In article <>,
steve s. <steve@NOSPAMforgetaboutit> wrote:
>if you read man sshd (3.1 for me), it says the default ChallengeResponseAuth
>-entication is 'yes', so it sounds like you need to disable it. I don't
>know about the compile-time options, I didn't specify them for my systems.
>Putting this line into sshd_config doesn't seem to break them.

You're right, I misread the code (the man pages don't always reflect what
the code does, so I usually look there).

Mike Iglesias                          Internet:
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069