Bug #10168

Wrong comment in /etc/ssh/sshd_config

Added by Hubert Garavel 8 months ago. Updated 8 months ago.

Status: New
Priority: Normal
Assignee:
Category: OI-Userland
Target version:
Start date: 2018-12-31
Due date:
% Done: 0%
Estimated time:
Difficulty: Bite-size
Tags: needs-triage

Description

The following code fragment in sshd_config is misleading:

# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication yes

Indeed, setting PasswordAuthentication to "no" will NOT disable clear-text
passwords if ChallengeResponseAuthentication keeps its default value "yes".
One also needs to set ChallengeResponseAuthentication to "no".

See for details, e.g.
[[https://access.redhat.com/solutions/336773]]
or
[[https://blog.tankywoo.com/linux/2013/09/14/ssh-passwordauthentication-vs-challengeresponseauthentication.html]]

The above code fragment should be replaced by

# To disable tunneled clear text passwords, change PasswordAuthentication and ChallengeResponseAuthentication to no.
PasswordAuthentication yes
ChallengeResponseAuthentication yes

History

#1

Updated by Michal Nowak 8 months ago

  • Target version set to Hipster
  • Assignee set to Michal Nowak
  • Category set to OI-Userland
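
The check described in this report, as an added example that is not part of the original issue or of the OpenIndiana or OpenSSH code: a small Python audit that reads sshd_config text and lists every directive that still leaves a password prompt enabled. The function name `password_prompt_paths` and the sample configurations are constructed for illustration; the parser assumes whitespace-separated `keyword value` lines, does not follow `Include` files, and uses the defaults stated in the report.

```python
# Added example: audits sshd_config text only (no Include handling, no PAM checks).
# Defaults as stated in the bug report: both directives default to "yes".
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}
# OpenSSH 8.7 and later name the second directive KbdInteractiveAuthentication;
# the old name remains a deprecated alias.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}


def password_prompt_paths(config_text):
    """Return the directives that still leave a password prompt enabled."""
    global_values, match_findings, match = {}, [], None
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            match = " ".join(parts)  # later lines apply only inside this block
        elif key in DEFAULTS and match is None:
            global_values.setdefault(key, value)  # sshd keeps the first value seen
        elif key in DEFAULTS and value != "no":
            match_findings.append(f"{key} ({match})")  # conditional re-enable
    global_findings = [
        key for key, default in DEFAULTS.items()
        if global_values.get(key, default) != "no"
    ]
    return global_findings + match_findings


# Constructed sample: the state the misleading comment leads an admin to.
SAMPLE_MISLEADING = """\
# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication no
"""

# Constructed sample: both directives disabled, as the report recommends.
SAMPLE_HARDENED = SAMPLE_MISLEADING + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("misleading", SAMPLE_MISLEADING), ("hardened", SAMPLE_HARDENED)):
        print(name, "->", password_prompt_paths(text) or "no password prompt enabled")
```

On a live host, `sshd -T` prints the effective configuration and remains the authoritative check.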
