Date: Tue, 23 Apr 2002 12:06:58 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: "Greg 'groggy' Lehey" <grog@FreeBSD.org> Cc: Jordan Hubbard <jkh@winston.freebsd.org>, Oscar Bonilla <obonilla@galileo.edu>, Anthony Schneider <aschneid@mail.slc.edu>, Mike Meyer <mwm-dated-1019955884.8b118e@mired.org>, hackers@FreeBSD.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <Pine.NEB.3.96L.1020423120451.55944E-100000@fledge.watson.org> In-Reply-To: <20020423131646.I6425@wantadilla.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 23 Apr 2002, Greg 'groggy' Lehey wrote: > On Monday, 22 April 2002 at 19:53:06 -0700, Jordan Hubbard wrote: > >> That fix relies on the extensive PAM updates in -CURRENT however; in > >> -STABLE it can probably be similarly replicated via appropriate tweaking > >> of sshd (?). > > > > Why not fix it in stable by the very simple tweaking of the > > ChallengeResponseAuthentication to no in the sshd config file we ship > > Trust me, this question is going to come up a _lot_ for us otherwise. :( > > I've been noticing a continuing trend for more and more "safe" > configurations the default. I spent half a day recently trying to find > why I could no longer open windows on my X display, only to discover > that somebody had turned off tcp connections by default. BTW, I think this is somewhat of a red herring, and isn't really related to this discussion at all. The issue with S/Key is something that we've already built concensus on: it's a bug for most users, and should be fixed (or at least made optional), which as I indicated, is *already* the strategy taken in -CURRENT. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1020423120451.55944E-100000>