Re: Questions about sshd_config man page and comments in the file
On Thu, Feb 23, 2006 at 08:13:08PM +1100, Darren Tucker wrote:
> > b)Comments in sshd_config file: [...] > The comment in the example config file is outdated and should be fixed. Does this help clear up the confusion? Index: sshd_config ================================================== ================= RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd_config,v retrieving revision 1.74 diff -u -p -r1.74 sshd_config --- sshd_config 13 Dec 2005 08:29:03 -0000 1.74 +++ sshd_config 23 Feb 2006 09:26:42 -0000 @@ -71,12 +71,13 @@ # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication mechanism. -# Depending on your PAM configuration, this may bypass the setting of -# PasswordAuthentication, PermitEmptyPasswords, and -# "PermitRootLogin without-password". If you just want the PAM account and -# session checks to run without PAM authentication, then enable this but set -# ChallengeResponseAuthentication=no +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. #UsePAM no #AllowTcpForwarding yes Index: sshd_config.5 ================================================== ================= RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd_config.5,v retrieving revision 1.53 diff -u -p -r1.53 sshd_config.5 --- sshd_config.5 3 Jan 2006 07:47:31 -0000 1.53 +++ sshd_config.5 23 Feb 2006 09:27:42 -0000 
@@ -677,7 +677,10 @@ If set to .Dq yes this will enable PAM authentication using .Cm ChallengeResponseAuthentication -and PAM account and session module processing for all authentication types. +and +.Cm PasswordAuthentication +in addition to PAM account and session module processing for all +authentication types. .Pp Because PAM challenge-response authentication usually serves an equivalent role to password authentication, you should disable either -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org http://www.mindrot.org/mailman/listi...enssh-unix-dev |
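
Review bot: In the sshd_config hunk (@@ -71,12 +71,13 @@), the rewritten comment no longer lists PasswordAuthentication or PermitEmptyPasswords among the settings that PAM may bypass, and the message does not say why they were dropped. If PAM authentication via ChallengeResponseAuthentication can still bypass them, keep them in the list next to "PermitRootLogin without-password"; if it cannot, say so in the commit message so the narrower warning is a deliberate change. The first new sentence also ends abruptly: "through the ChallengeResponseAuthentication and PasswordAuthentication." would read better as "through the ChallengeResponseAuthentication and PasswordAuthentication options".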
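
Review bot: The "PermitRootLogin without-password" caveat that the sshd_config comment carries is absent from the sshd_config.5 hunk (@@ -677,7 +677,10 @@), so the two texts this patch touches give different amounts of warning about the same option. Consider adding a sentence after "authentication types." stating that PAM authentication via ChallengeResponseAuthentication may bypass "PermitRootLogin without-password", unless the man page already says this outside the visible context. The new wording would also match the config comment more closely if it told the reader to set both PasswordAuthentication and ChallengeResponseAuthentication to 'no' when only the account and session checks are wanted.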