[Bug 3658] Wrong comment in /etc/ssh/sshd_config
bugzilla-daemon at mindrot.org
Tue Dec 3 23:41:42 AEDT 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3658
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   |        |dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
It's not that simple. From a protocol standpoint,
PasswordAuthentication is definitely "clear-text passwords".
> Indeed, setting PasswordAuthentication to "no" will NOT disable clear-text passwords if ChallengeResponseAuthentication keeps its default value "yes".
What ChallengeResponseAuthentication (or rather,
KbdInteractiveAuthentication, for which the former is a deprecated
synonym) does depends on the compile options, and in the common case,
what the host's PAM stack is configured to do. This might involve
passwords, or one-time tokens, something else, or a combination of all
of these things. From a protocol perspective, sshd doesn't know.
I'll see if we can update the comment on KbdInteractiveAuthentication
to be a bit more informative.
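
The interaction discussed in this comment, as an added example (not part of the bug report and not OpenSSH code): a Python check over `sshd -T`-style effective configuration that reports whether a password prompt can still be reached after `PasswordAuthentication no`. The sample configuration is constructed and the function names are hypothetical; defaults used for missing keywords are the upstream ones.

```python
# Constructed sample shaped like `sshd -T` output: lowercase keyword, then value.
SAMPLE_EFFECTIVE_CONFIG = """\
port 22
usepam yes
passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
"""


def parse_effective_config(text):
    """Return {keyword: value}; as in sshd_config, the first occurrence wins."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings


def password_exposure(settings):
    """Map each SSH auth method that may still ask for a password to the reason."""
    findings = {}
    if settings.get("passwordauthentication", "yes") == "yes":
        findings["password"] = "PasswordAuthentication is enabled"
    # ChallengeResponseAuthentication is the deprecated synonym that older
    # sshd versions print instead of KbdInteractiveAuthentication.
    kbd = settings.get("kbdinteractiveauthentication",
                       settings.get("challengeresponseauthentication", "yes"))
    if kbd == "yes":
        if settings.get("usepam", "no") == "yes":
            findings["keyboard-interactive"] = (
                "prompts come from the PAM stack, which may ask for a password")
        else:
            findings["keyboard-interactive"] = (
                "backend depends on compile options; sshd cannot tell what is asked")
    return findings


if __name__ == "__main__":
    result = password_exposure(parse_effective_config(SAMPLE_EFFECTIVE_CONFIG))
    for method, reason in result.items():
        print(f"{method}: {reason}")
```

A finding for `keyboard-interactive` means the PAM configuration for sshd has to be reviewed as well; the sshd settings alone do not say whether a password is requested.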