From owner-freebsd-hackers  Mon Apr 22 19:53:11 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from winston.freebsd.org (adsl-64-173-15-98.dsl.sntc01.pacbell.net [64.173.15.98])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6050C37B417; Mon, 22 Apr 2002 19:53:07 -0700 (PDT)
Received: from winston.freebsd.org (jkh@localhost [127.0.0.1])
	by winston.freebsd.org (8.12.2/8.12.2) with ESMTP id g3N2r67W011671;
	Mon, 22 Apr 2002 19:53:06 -0700 (PDT)
	(envelope-from jkh@winston.freebsd.org)
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: Oscar Bonilla <obonilla@galileo.edu>,
	Anthony Schneider <aschneid@mail.slc.edu>,
	Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>,
	hackers@FreeBSD.ORG
Subject: Re: ssh + compiled-in SKEY support considered harmful? 
In-Reply-To: Message from Robert Watson <rwatson@FreeBSD.ORG> 
   of "Mon, 22 Apr 2002 22:41:02 EDT." <Pine.NEB.3.96L.1020422223923.64976i-100000@fledge.watson.org> 
Date: Mon, 22 Apr 2002 19:53:06 -0700
Message-ID: <11670.1019530386@winston.freebsd.org>
From: Jordan Hubbard <jkh@winston.freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

> That fix relies on the extensive PAM updates in -CURRENT however; in
> -STABLE it can probably be similarly replicated via appropriate tweaking
> of sshd (?).

Why not fix it in stable by the very simple tweaking of the
ChallengeResponseAuthentication to no in the sshd config file we ship
Trust me, this question is going to come up a _lot_ for us otherwise. :(

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message