Bug 1364

Summary: default for ChallengeResponseAuthentication doesn't match sshd_config
Product: Portable OpenSSH Reporter: Nate Yocom <nate.yocom>
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: normal CC: dtucker
Priority: P2    
Version: 4.7p1   
Hardware: Other   
OS: Other   

Description Nate Yocom 2007-09-18 06:55:35 AEST 
between 4.5p1 and 4.6p1 the ChallengeResponseAuthentication parameter stopped defaulting to 'yes' and must be explicitly set to work.  I suspect this is the result of the Match keyword support that was added - but it should either default correctly or the default sshd_config should be updated to match.
Comment 1 Darren Tucker 2007-09-18 10:12:11 AEST 
You've reported this against 4.7 however it should have been resolved in that version:

   - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
     [servconf.c sshd.c]
     Move C/R -> kbdint special case to after the defaults have been
     loaded, which makes ChallengeResponse default to yes again.  This
     was broken by the Match changes and not fixed properly subsequently.
     Found by okan at demirmen.com, ok djm@ "please do it" deraadt@

Are you really having problems with 4.7 or did you mean to report it against 4.6?
Comment 2 Nate Yocom 2007-09-18 10:17:07 AEST 
my apologies - it does in fact work for me in 4.7 (missed this in initial testing)
Comment 3 Damien Miller 2008-04-04 10:00:57 AEDT 
Close resolved bugs after release.