From owner-freebsd-hackers Tue Apr 23 16:35:16 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from yello.shallow.net (yello.shallow.net [203.18.243.120]) by hub.freebsd.org (Postfix) with ESMTP id 2E7FB37B420 for ; Tue, 23 Apr 2002 16:34:59 -0700 (PDT) Received: by yello.shallow.net (Postfix, from userid 1001) id 46CBB2A93; Wed, 24 Apr 2002 09:34:52 +1000 (EST) Date: Wed, 24 Apr 2002 09:34:52 +1000 From: Joshua Goodall To: Jordan Hubbard Cc: hackers@freebsd.org Subject: Re: Erm, since everyone managed to HIJACK my sshd thread! ;) Message-ID: <20020423233452.GC86692@roughtrade.net> References: <3CC5AF54.8FB22B16@mindspring.com> <13903.1019592309@winston.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <13903.1019592309@winston.freebsd.org> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG We have an openssh maintainer? Right now, policy differs between branches. releng_4's openssh gives a commented alternative in the config, whilst head's gives a commented default. A consistent change to -stable would be: Index: servconf.c =================================================================== RCS file: /cvs/src/crypto/openssh/servconf.c,v retrieving revision 1.3.2.11 diff -u -u -r1.3.2.11 servconf.c --- servconf.c 28 Sep 2001 01:33:34 -0000 1.3.2.11 +++ servconf.c 23 Apr 2002 23:20:43 -0000 @@ -207,7 +207,7 @@ if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 0; if (options->challenge_reponse_authentication == -1) - options->challenge_reponse_authentication = 1; + options->challenge_reponse_authentication = 0; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; if (options->use_login == -1) Index: sshd_config =================================================================== RCS file: /cvs/src/crypto/openssh/sshd_config,v retrieving revision 1.4.2.6 diff -u -u -r1.4.2.6 sshd_config --- sshd_config 28 Sep 2001 01:33:35 -0000 1.4.2.6 +++ sshd_config 23 Apr 2002 23:20:54 -0000 @@ -48,8 +48,8 @@ PasswordAuthentication yes PermitEmptyPasswords no -# Uncomment to disable s/key passwords -#ChallengeResponseAuthentication no +# Uncomment to enable s/key passwords +#ChallengeResponseAuthentication yes # To change Kerberos options #KerberosAuthentication no and against -current: Index: servconf.c =================================================================== RCS file: /cvs/src/crypto/openssh/servconf.c,v retrieving revision 1.30 diff -u -u -r1.30 servconf.c --- servconf.c 20 Apr 2002 09:26:43 -0000 1.30 +++ servconf.c 23 Apr 2002 23:18:01 -0000 @@ -212,7 +212,7 @@ if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 0; if (options->challenge_response_authentication == -1) - options->challenge_response_authentication = 1; + options->challenge_response_authentication = 0; if (options->permit_empty_passwd == -1) options->permit_empty_passwd = 0; if (options->use_login == -1) Index: sshd_config =================================================================== RCS file: /cvs/src/crypto/openssh/sshd_config,v retrieving revision 1.19 diff -u -u -r1.19 sshd_config --- sshd_config 2 Apr 2002 21:53:54 -0000 1.19 +++ sshd_config 23 Apr 2002 23:24:54 -0000 @@ -60,8 +60,8 @@ #PasswordAuthentication yes #PermitEmptyPasswords no -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes +# Change to yes to enable s/key passwords +#ChallengeResponseAuthentication no # Kerberos options # KerberosAuthentication automatically enabled if keyfile exists On Tue, Apr 23, 2002 at 01:05:09PM -0700, Jordan Hubbard wrote: > FWIW, I agree with you, but I'm more interested in fixing this right > now than I am in chasing the OpenSSH maintainers around with patches > (unless we've already forked - have we?). I'll also be happy to > change this twice if it turns out that getting the change into OpenSSH > is easier than I thought, but I don't want just having this be fixed > contingent on that. > > - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message