On Wed, 26 Jun 2002, Dan Hollis wrote: > On Wed, 26 Jun 2002, Craig Kelley wrote: > > I know you're all probably aware of this by now, but a serious hole is in > > all versions of OpenSSH shipped with all versions of RedHat: > > http://online.securityfocus.com/archive/1/278818/2002-06-23/2002-06-29/0 > > does any redhat ship with 'ChallengeResponseAuthentication yes' as > default? It's commented out in 7.2 and 7.3, so I'm not sure what the default is. The 6.2 version is commented out, but the 'no' value is what is commented out.... -- Craig Kelley -- kellcrai@isu.edu -- This document is rot26-encoded, and protected from being read by the DMCA and all other WIPO treaty nations. http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block _______________________________________________ Redhat-devel-list mailing list Redhat-devel-list@redhat.com https://listman.redhat.com/mailman/listinfo/redhat-devel-list
