FS#71941 - [openssh] Disable KbdInteractiveAuthentication
Attached to Project:
Arch Linux
Opened by Marcos Mello (marcosfrm) - Saturday, 28 August 2021, 19:00 GMT
Last edited by Giancarlo Razzolini (grazzolini) - Friday, 17 September 2021, 01:24 GMT
Opened by Marcos Mello (marcosfrm) - Saturday, 28 August 2021, 19:00 GMT
Last edited by Giancarlo Razzolini (grazzolini) - Friday, 17 September 2021, 01:24 GMT
|
Details
ChallengeResponseAuthentication is now deprecated alias to
KbdInteractiveAuthentication starting with OpenSSH 8.7.
https://www.openssh.com/releasenotes.html * ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as a deprecated alias so configuration files continue to work as well as a reference in the man page for people looking for it. bz#3303 ChallengeResponseAuthentication is not in sshd_config anymore, so this thing in not disabled by default in new installs. |
This task depends upon
Closed by Giancarlo Razzolini (grazzolini)
Friday, 17 September 2021, 01:24 GMT
Reason for closing: Fixed
Additional comments about closing: openssh-8.7p1-2 fixes this issue.
Friday, 17 September 2021, 01:24 GMT
Reason for closing: Fixed
Additional comments about closing: openssh-8.7p1-2 fixes this issue.
# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes
and the sed call in PKGBUILD does not change it.