Questions about sshd_config man page and comments in the file

ponraj tryponraj at gmail.com
Thu Feb 23 21:27:54 EST 2006


Yes.This sort out the confusion. Thanks for the fix.

--
M.P

----- Original Message ----- 
From: "Darren Tucker" <dtucker at zip.com.au>
To: "ponraj" <tryponraj at gmail.com>
Cc: <openssh-unix-dev at mindrot.org>
Sent: Thursday, February 23, 2006 2:58 PM
Subject: Re: Questions about sshd_config man page and comments in the file


> On Thu, Feb 23, 2006 at 08:13:08PM +1100, Darren Tucker wrote:
>> > b)Comments in sshd_config file:
> [...]
>> The comment in the example config file is outdated and should be fixed.
>
> Does this help clear up the confusion?
>
> Index: sshd_config
> ===================================================================
> RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd_config,v
> retrieving revision 1.74
> diff -u -p -r1.74 sshd_config
> --- sshd_config 13 Dec 2005 08:29:03 -0000 1.74
> +++ sshd_config 23 Feb 2006 09:26:42 -0000
> @@ -71,12 +71,13 @@
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> -# be allowed through the ChallengeResponseAuthentication mechanism.
> -# Depending on your PAM configuration, this may bypass the setting of
> -# PasswordAuthentication, PermitEmptyPasswords, and
> -# "PermitRootLogin without-password". If you just want the PAM account 
> and
> -# session checks to run without PAM authentication, then enable this but 
> set
> -# ChallengeResponseAuthentication=no
> +# be allowed through the ChallengeResponseAuthentication and
> +# PasswordAuthentication.  Depending on your PAM configuration,
> +# PAM authentication via ChallengeResponseAuthentication may bypass
> +# the setting of "PermitRootLogin without-password".
> +# If you just want the PAM account and session checks to run without
> +# PAM authentication, then enable this but set PasswordAuthentication
> +# and ChallengeResponseAuthentication to 'no'.
> #UsePAM no
>
> #AllowTcpForwarding yes
> Index: sshd_config.5
> ===================================================================
> RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd_config.5,v
> retrieving revision 1.53
> diff -u -p -r1.53 sshd_config.5
> --- sshd_config.5 3 Jan 2006 07:47:31 -0000 1.53
> +++ sshd_config.5 23 Feb 2006 09:27:42 -0000
> @@ -677,7 +677,10 @@ If set to
> .Dq yes
> this will enable PAM authentication using
> .Cm ChallengeResponseAuthentication
> -and PAM account and session module processing for all authentication 
> types.
> +and
> +.Cm PasswordAuthentication
> +in addition to PAM account and session module processing for all
> +authentication types.
> .Pp
> Because PAM challenge-response authentication usually serves an equivalent
> role to password authentication, you should disable either
>
> -- 
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>    Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev 




More information about the openssh-unix-dev mailing list