tech-security: Re: OpenSSH Priv Sep and Remote Exploit?

Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Jeremy C. Reed <reed@reedmedia.net>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: tech-security
Date: 06/26/2002 18:35:32

--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 26, 2002 at 09:25:34AM -0700, Jeremy C. Reed wrote:
> Can anyone quickly explain the challenge response based methods?
>=20
> I use conventional password authentication or PubkeyAuthentication, so I
> wonder if this ChallengeResponseAuthentication is even needed.

e.g. S/Key and BSD_AUTH, so unless you use one of them (NetBSD doesn't
support BSD_AUTH afaik), you can safely disable it.  Challenge method
means that you need to answer something back to a given question, e.g.
type OTP in S/Key negotiation.

regards,

--=20
-- Lubomir Sedlacik <salo@Xtrmntr.org>   ASCII Ribbon campaign against  /"\=
 --
--                  <salo@silcnet.org>   e-mail in gratuitous HTML and  \ /=
 --
--                                       Microsoft proprietary formats   X =
 --
-- PGPkey: http://Xtrmntr.org/salo.pgp                                  / \=
 --
-- Key Fingerprint: DBEC 8BEC 9A90 ECEC 0FEF  716E 59CE B70B 7E3B 70E2     =
 --

--2oS5YaxWCcQjTEyO
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)

iD8DBQE9Ge1UWc63C347cOIRAjtDAKCOazAhMljP1rMH8TUHYzPv2sjqpACgxSbx
ZNQnDAeWIfltSMM/cZ4+ATY=
=oiLy
-----END PGP SIGNATURE-----

--2oS5YaxWCcQjTEyO--