On Wed, 26 Jun 2002, Dan Hollis wrote: > On Wed, 26 Jun 2002, Craig Kelley wrote: > > I know you're all probably aware of this by now, but a serious hole is in > > all versions of OpenSSH shipped with all versions of RedHat: > > http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0 > > does any redhat ship with 'ChallengeResponseAuthentication yes' as > default?
It's commented out in 7.2 and 7.3, so I'm not sure what the default is. The 6.2 version is commented out, but the 'no' value is what is commented out.... -- Craig Kelley -- [EMAIL PROTECTED] -- This document is rot26-encoded, and protected from being read by the DMCA and all other WIPO treaty nations. http://www.isu.edu/~kellcrai finger [EMAIL PROTECTED] for PGP block _______________________________________________ Redhat-devel-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-devel-list