On 02/01/10 10:24, Matthew Dillon wrote:
If you don't need PAM's extra features for your sshd access (which is
most people) then turn PAM off in your sshd_config to work around the
base code change that DES made. Then the other options will work as
intended. And, just to be safe, also turn off the challenge-response
option.
UsePAM no
ChallengeResponseAuthentication no
PasswordAuthentication no
I agree that turning PAM off whenever possible is a good thing. It
should also be noted that regardless of what appears in the default
config file those options should be uncommented so that you can be sure
they will be effective across updates.
For the old-school paranoids (like me) the following options are also of
interest "just in case":
RhostsRSAAuthentication no
HostbasedAuthentication no
IgnoreRhosts yes
hth,
Doug
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
Computers are useless. They can only give you answers.
-- Pablo Picasso
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
