Project

General

Profile

Actions

Bug #10168

open

Wrong comment in /etc/ssh/sshd_config

Added by Hubert Garavel over 2 years ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
OI-Userland
Target version:
Start date:
2018-12-31
Due date:
% Done:

0%

Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage

Description

The following code fragment in sshd_config is misleading:

# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication yes

Indeed, Setting PasswordAuthentication to "no" will NOT disable clear-text
passwords if ChallengeResponseAuthentication keeps its default value "yes" .
One also needs to set ChallengeResponseAuthentication to "no".

See for details, eg.
[[https://access.redhat.com/solutions/336773]]
or
[[https://blog.tankywoo.com/linux/2013/09/14/ssh-passwordauthentication-vs-challengeresponseauthentication.html]]

The above code fragment should be replaced by

# To disable tunneled clear text passwords, change PasswordAuthentication and ChallengeResponseAuthentication to no.
PasswordAuthentication yes
ChallengeResponseAuthentication yes
Actions #1

Updated by Michal Nowak over 2 years ago

  • Category set to OI-Userland
  • Assignee set to Michal Nowak
  • Target version set to Hipster
Actions #2

Updated by Michal Nowak 2 months ago

  • Assignee deleted (Michal Nowak)
Actions

Also available in: Atom PDF