On Wed, 26 Jun 2002, Dan Hollis wrote: > On Wed, 26 Jun 2002, Craig Kelley wrote: > > I know you're all probably aware of this by now, but a serious hole is in > > all versions of OpenSSH shipped with all versions of RedHat: > > http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0 > > does any redhat ship with 'ChallengeResponseAuthentication yes' as > default? Yes. (Or to be precise, it is commented out but it defaults to yes.) -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords _______________________________________________ Redhat-devel-list mailing list Redhat-devel-list@redhat.com https://listman.redhat.com/mailman/listinfo/redhat-devel-list
