[Bug 3303] Request Match block accommodation for 2FA sshd_config
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Apr 27 10:47:40 AEST 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3303
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
Blocks| |3302
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
ChallengeResponseAuthentication is actually the SSH protocol 1 option.
KbdInteractiveAuthentication is the protocol 2 option and you can use
it in a Match block right now.
The reason ChallengeResponseAuthentication was excluded from Match is
that it behaved in an unusual way for a config option (it'd enable
KbdInteractiveAuthentication if it was not set, but quite late in the
process, in a way not conducive to working with Match).
These days Protocol 1 is gone and the two are effectively equivalent,
so we should remove the discrepancy.
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list