OpenPAM/SSHD privacy hole (FreeBSD 9.2+ affected)
Andrei
az at azsupport.com
Wed Oct 23 12:38:54 UTC 2013
On Wed, 23 Oct 2013 05:00:13 -0700
David Wolfskill <david at catwhisker.org> wrote:
>
> Does that also apply if /etc/ssh/sshd_config has been changed to read:
>
> # Change to no to disable PAM authentication
> ChallengeResponseAuthentication no
>
> (as I routinely do)?
>
> Peace,
> david
In this case you lose "keyboard-interactive" login option. But we need it.
Kind regards,
Andrei.
More information about the freebsd-security
mailing list