[TriLUG] Re: OpenSSH Security Advisory (adv.iss)
Chris Merrill
cmerrill at nc.rr.com
Wed Jun 26 15:19:08 EDT 2002
Brian Daniels wrote:
>> Disable ChallengeResponseAuthentication in sshd_config.
>
> Note that the 'short-term solution' is an _easy_ fix. Just edit
> sshd_config and restart sshd. Do it now, then watch for your vendor to
> issue an update if you're uncomfortable with compiling OpenSSH yourself.
Just to make sure I've got this right, my config file says:
#ChallengeResponseAuthentication yes
but it doesn't say what default value is...and it's commented out.
I don't think I've changed this value...so I assume this is the
way it appears in the config at installation (RH 7.2).
I think I should change this to:
ChallengeResponseAuthentication no
Correct?
Was the default value for this setting 'yes'?
TIA,
Chris
*********************************
Chris Merrill
cmerrill at nc.rr.com
*********************************
More information about the TriLUG
mailing list