Re: Erm, since everyone managed to HIJACK my sshd thread! ;)

[Joshua Goodall]

We have an openssh maintainer?

Right now, policy differs between branches. releng_4's openssh gives
a commented alternative in the config, whilst head's gives a commented
default.


A consistent change to -stable would be:

Index: servconf.c
===================================================================
RCS file: /cvs/src/crypto/openssh/servconf.c,v
retrieving revision 1.3.2.11
diff -u -u -r1.3.2.11 servconf.c
--- servconf.c  28 Sep 2001 01:33:34 -0000      1.3.2.11
+++ servconf.c  23 Apr 2002 23:20:43 -0000
@@ -207,7 +207,7 @@
        if (options->kbd_interactive_authentication == -1)
                options->kbd_interactive_authentication = 0;
        if (options->challenge_reponse_authentication == -1)
-               options->challenge_reponse_authentication = 1;
+               options->challenge_reponse_authentication = 0;
        if (options->permit_empty_passwd == -1)
                options->permit_empty_passwd = 0;
        if (options->use_login == -1)
Index: sshd_config
===================================================================
RCS file: /cvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.4.2.6
diff -u -u -r1.4.2.6 sshd_config
--- sshd_config 28 Sep 2001 01:33:35 -0000      1.4.2.6
+++ sshd_config 23 Apr 2002 23:20:54 -0000
@@ -48,8 +48,8 @@
 PasswordAuthentication yes
 PermitEmptyPasswords no
 
-# Uncomment to disable s/key passwords 
-#ChallengeResponseAuthentication no
+# Uncomment to enable s/key passwords 
+#ChallengeResponseAuthentication yes
 
 # To change Kerberos options
 #KerberosAuthentication no


and against -current:


Index: servconf.c
===================================================================
RCS file: /cvs/src/crypto/openssh/servconf.c,v
retrieving revision 1.30
diff -u -u -r1.30 servconf.c
--- servconf.c  20 Apr 2002 09:26:43 -0000      1.30
+++ servconf.c  23 Apr 2002 23:18:01 -0000
@@ -212,7 +212,7 @@
        if (options->kbd_interactive_authentication == -1)
                options->kbd_interactive_authentication = 0;
        if (options->challenge_response_authentication == -1)
-               options->challenge_response_authentication = 1;
+               options->challenge_response_authentication = 0;
        if (options->permit_empty_passwd == -1)
                options->permit_empty_passwd = 0;
        if (options->use_login == -1)
Index: sshd_config
===================================================================
RCS file: /cvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.19
diff -u -u -r1.19 sshd_config
--- sshd_config 2 Apr 2002 21:53:54 -0000       1.19
+++ sshd_config 23 Apr 2002 23:24:54 -0000
@@ -60,8 +60,8 @@
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+# Change to yes to enable s/key passwords
+#ChallengeResponseAuthentication no
 
 # Kerberos options
 # KerberosAuthentication automatically enabled if keyfile exists


On Tue, Apr 23, 2002 at 01:05:09PM -0700, Jordan Hubbard wrote:
> FWIW, I agree with you, but I'm more interested in fixing this right
> now than I am in chasing the OpenSSH maintainers around with patches
> (unless we've already forked - have we?).  I'll also be happy to
> change this twice if it turns out that getting the change into OpenSSH
> is easier than I thought, but I don't want just having this be fixed
> contingent on that.
> 
> - Jordan

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message