Revised OpenSSH Security Advisory (adv.iss)
Steve VanDevender
stevev at darkwing.uoregon.edu
Thu Jun 27 05:39:50 EST 2002
Pekka Savola writes:
> On Wed, 26 Jun 2002, Markus Friedl wrote:
> > and
> >
> > Disable PAMAuthenticationViaKbdInt in sshd_config.
>
>
> I'd rather say:
>
> Make sure PAMAuthenticationViaKbdInt has not been enabled
> in sshd_config.
>
> (as it defaults to off, contrary to ChallengeResponseAuthentication), but
> that's just a minor clarification.
I think the announcement is fine the way it is. Having an explicit
"PAMAuthenticationViaKbdInt no" in sshd_config is a lot less ambiguous
than assuming it's disabled by default.
More information about the openssh-unix-dev
mailing list