[Bug 255374] New: openssh changed default
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=255374 Summary: openssh changed default Product: openSUSE 10.3 Version: Alpha 2 Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Network AssignedTo: anicka@novell.com ReportedBy: dmueller@novell.com QAContact: qa@suse.de Hi, openssh no longer enables password challenge response authentication by default. if this changed behaviour is desired, then at least the update case should preserve old behaviour, otherwise you're locking yourself out of the machine. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=255374 nadvornik@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nadvornik@novell.com Status|NEW |NEEDINFO Info Provider| |dmueller@novell.com ------- Comment #1 from nadvornik@novell.com 2007-03-19 10:08 MST ------- What exactly does not work? Do you mean the ChallengeResponseAuthentication option? It is commented out in the default sshd_config file, man page says that it is enabled by default and the code seems to correspond to this. The ChangeLog contains this, but it should not affect the default: - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 [auth2.c sshd_config.5 servconf.c] Remove ChallengeResponseAuthentication support inside a Match block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=255374 stbinner@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |stbinner@novell.com ------- Comment #2 from stbinner@novell.com 2007-03-19 10:33 MST ------- Just ran into the same problem. Uncommenting "ChallengeResponseAuthentication yes" restored the old behavior so it's obviously not enabled by default. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=255374 dmueller@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|dmueller@novell.com | ------- Comment #3 from dmueller@novell.com 2007-03-19 10:34 MST ------- the default is switched now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=255374 ------- Comment #4 from nadvornik@novell.com 2007-03-19 12:28 MST ------- Created an attachment (id=125300) --> (https://bugzilla.novell.com/attachment.cgi?id=125300&action=view) openssh-4.6p1-challenge.patch The value of options->challenge_response_authentication was used before the default was set. This patch fixes it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=255374 nadvornik@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Critical |Normal Status|NEW |ASSIGNED ------- Comment #5 from nadvornik@novell.com 2007-03-19 12:30 MST ------- Fixed package is submitted. Anicka, can you please send the patch upstream? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=255374 anicka@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Comment #6 from anicka@novell.com 2007-03-26 02:41 MST ------- Actually, it has been already fixed in upstream: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?rev=1.171&content-type=text/x-cvsweb-markup -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com