tech-security: Re: OpenSSH Priv Sep and Remote Exploit?

Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Steven M. Bellovin <smb@research.att.com>
From: Marton Fabo <morton@eik.bme.hu>
List: tech-security
Date: 06/26/2002 21:10:52

># Change to no to disable s/key passwords
>#ChallengeResponseAuthentication yes
>
>which implies that they're the same option.  Or is it different on
>other versions?  I checked 3.1 and 3.3.1.

If I understood well from the sshd man page, s/key is currently the only 
implemented challenge-response authentication technique. So right now, the 
two has the same meaning, but this may change in the future, when more such 
authentication modes may become available.

mortee