Hi, ChallengeResponseAuthentication is one of the few configuration parameters which are not uncommented in its default state. Is this intentionally or shoud the line be uncommented in order to have a consistent default config file of the openssh-server in debian?
As far as I remember the default settings where explicit in the config file in the past (1) and now all implicit (uncomented) (2). This makes a big change for users who do not often check their configgfiles when the default are changed upstream or package-maintainer. New default is (1) not effective / (2) is effective. (Assumed user did not change settings) [...] # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no [...] Thanks Lopiuh
