Bug 1364 - default for ChallengeResponseAuthentication doesn't match sshd_config
Summary: default for ChallengeResponseAuthentication doesn't match sshd_config
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 4.7p1
Hardware: Other Other
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-09-18 06:55 AEST by Nate Yocom
Modified: 2008-04-04 10:00 AEDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Nate Yocom 2007-09-18 06:55:35 AEST 
between 4.5p1 and 4.6p1 the ChallengeResponseAuthentication parameter stopped defaulting to 'yes' and must be explicitly set to work.  I suspect this is the result of the Match keyword support that was added - but it should either default correctly or the default sshd_config should be updated to match.
Comment 1 Darren Tucker 2007-09-18 10:12:11 AEST 
You've reported this against 4.7 however it should have been resolved in that version:

   - dtucker@cvs.openbsd.org 2007/03/09 05:20:06
     [servconf.c sshd.c]
     Move C/R -> kbdint special case to after the defaults have been
     loaded, which makes ChallengeResponse default to yes again.  This
     was broken by the Match changes and not fixed properly subsequently.
     Found by okan at demirmen.com, ok djm@ "please do it" deraadt@

Are you really having problems with 4.7 or did you mean to report it against 4.6?
Comment 2 Nate Yocom 2007-09-18 10:17:07 AEST 
my apologies - it does in fact work for me in 4.7 (missed this in initial testing)
Comment 3 Damien Miller 2008-04-04 10:00:57 AEDT 
Close resolved bugs after release.