https://bugzilla.mindrot.org/show_bug.cgi?id=3658
Darren Tucker <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #1 from Darren Tucker <[email protected]> ---
It's not that simple. From a protocol standpoint, PasswordAuthentication is definitely "clear-text passwords".

> Indeed, Setting PasswordAuthentication to "no" will NOT disable clear-text
> passwords if ChallengeResponseAuthentication keeps its default value "yes".

What ChallengeResponseAuthentication (or rather, KbdInteractiveAuthentication, for which the former is a deprecated synonym) does depends on the compile options, and in the common case, what the host's PAM stack is configured to do. This might involve passwords, or one-time tokens, something else, or a combination of all of these things. From a protocol perspective, sshd doesn't know.

I'll see if we can update the comment on KbdInteractiveAuthentication to be a bit more informative.
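An added example, not part of the bug comment or of OpenSSH: a small check over the effective settings printed by `sshd -T`, listing which authentication methods that can carry a password are still enabled when PasswordAuthentication is set to "no". The sample output is constructed, the function names are hypothetical, and a keyword missing from the input is conservatively treated as enabled.

```python
"""Audit effective sshd settings (as printed by `sshd -T`) for password-capable auth."""

# Constructed sample of `sshd -T` output (not taken from the bug report).
SAMPLE_EFFECTIVE = """\
port 22
usepam yes
passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
"""

# Deprecated synonym named in the comment above; folded onto the current keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_effective(text):
    """Return {keyword: value} from 'keyword value' lines, keeping the first occurrence."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # skip blank or value-less lines
        key = parts[0].lower()
        key = ALIASES.get(key, key)
        settings.setdefault(key, parts[1].strip().lower())
    return settings


def password_capable_methods(text):
    """List enabled methods over which a password may still be requested."""
    s = parse_effective(text)
    findings = []
    # Assumption: an absent keyword is reported as enabled rather than guessed off.
    if s.get("passwordauthentication", "yes") == "yes":
        findings.append("password")
    if s.get("kbdinteractiveauthentication", "yes") == "yes":
        # sshd cannot tell what keyboard-interactive will prompt for; with PAM
        # it is whatever the host's PAM stack asks (password, token, or both).
        if s.get("usepam", "yes") == "yes":
            backend = "PAM stack"
        else:
            backend = "compile-time backend"
        findings.append(f"keyboard-interactive ({backend})")
    return findings


if __name__ == "__main__":
    for method in password_capable_methods(SAMPLE_EFFECTIVE):
        print("still enabled:", method)
```

A "keyboard-interactive (PAM stack)" finding means the PAM configuration for sshd has to be reviewed to learn what is actually prompted for.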
