Re: debian-ssh@lists.debian.org in /usr/share/openssh/sshd_config
On Sun, Jan 22, 2017 at 07:53:43PM +0100, foo fighter wrote: > ChallengeResponseAuthentication is one of the few configuration > parameters which are not uncommented in its default state. Is this > intentionally or shoud the line be uncommented in order to have a > consistent default config file of the openssh-server in debian? It's like this deliberately because it's a deviation from the upstream default. See sshd_config(5). > As far as I remember the default settings where explicit in the config > file in the past (1) and now all implicit (uncomented) (2). This makes > a big change for users who do not often check their configgfiles when > the default are changed upstream or package-maintainer. New default is > (1) not effective / (2) is effective. Yes, I'm aware it's a change, but it gets us much closer to upstream and to a generally more sensible scheme for handling this configuration file. Thanks, -- Colin Watson [cjwat...@debian.org]
Aw: debian-ssh@lists.debian.org in /usr/share/openssh/sshd_config
A further note: the value for is "no" in its default configuration. "man sshd_config" states "The default is yes.". Is this inconsistent? Yours Lopiuh Gesendet: Sonntag, 22. Januar 2017 um 19:53 Uhr Von: "foo fighter" <lop...@gmx.net> An: debian-ssh@lists.debian.org Betreff: debian-ssh@lists.debian.org in /usr/share/openssh/sshd_config Hi, ChallengeResponseAuthentication is one of the few configuration parameters which are not uncommented in its default state. Is this intentionally or shoud the line be uncommented in order to have a consistent default config file of the openssh-server in debian? As far as I remember the default settings where explicit in the config file in the past (1) and now all implicit (uncomented) (2). This makes a big change for users who do not often check their configgfiles when the default are changed upstream or package-maintainer. New default is (1) not effective / (2) is effective. (Assumed user did not change settings) [...] # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no [...] Thanks Lopiuh
debian-ssh@lists.debian.org in /usr/share/openssh/sshd_config
Hi, ChallengeResponseAuthentication is one of the few configuration parameters which are not uncommented in its default state. Is this intentionally or shoud the line be uncommented in order to have a consistent default config file of the openssh-server in debian? As far as I remember the default settings where explicit in the config file in the past (1) and now all implicit (uncomented) (2). This makes a big change for users who do not often check their configgfiles when the default are changed upstream or package-maintainer. New default is (1) not effective / (2) is effective. (Assumed user did not change settings) [...] # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no [...] Thanks Lopiuh