A further note: the value for <ChallengeResponseAuthentication> is "no" in its default configuration. "man sshd_config" states "The default is yes.". Is this inconsistent?
Yours Lopiuh Gesendet: Sonntag, 22. Januar 2017 um 19:53 Uhr Von: "foo fighter" <lop...@gmx.net> An: debian-ssh@lists.debian.org Betreff: debian-ssh@lists.debian.org in /usr/share/openssh/sshd_config Hi, ChallengeResponseAuthentication is one of the few configuration parameters which are not uncommented in its default state. Is this intentionally or shoud the line be uncommented in order to have a consistent default config file of the openssh-server in debian? As far as I remember the default settings where explicit in the config file in the past (1) and now all implicit (uncomented) (2). This makes a big change for users who do not often check their configgfiles when the default are changed upstream or package-maintainer. New default is (1) not effective / (2) is effective. (Assumed user did not change settings) [...] # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no [...] Thanks Lopiuh