From 04da61f7a875bdb9921a4311db15271f9ac4cf24 Mon Sep 17 00:00:00 2001
From: jkh <jkh@FreeBSD.org>
Date: Thu, 25 Apr 2002 05:59:53 +0000
Subject: Change default challenge/response behavior of sshd by popular demand.
 This brings us into sync with the behavior of sshd on other Unix platforms.

Submitted by:	Joshua Goodall <joshua@roughtrade.net>
---
 crypto/openssh/servconf.c  | 2 +-
 crypto/openssh/sshd_config | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'crypto')

diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index 1cf7f9d..add504b 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -212,7 +212,7 @@ fill_default_server_options(ServerOptions *options)
 	if (options->kbd_interactive_authentication == -1)
 		options->kbd_interactive_authentication = 0;
 	if (options->challenge_response_authentication == -1)
-		options->challenge_response_authentication = 1;
+		options->challenge_response_authentication = 0;
 	if (options->permit_empty_passwd == -1)
 		options->permit_empty_passwd = 0;
 	if (options->use_login == -1)
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index e34c964..156b5f0 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -60,8 +60,8 @@
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+# Change to yes to enable s/key passwords
+#ChallengeResponseAuthentication no
 
 # Kerberos options
 # KerberosAuthentication automatically enabled if keyfile exists
-- 
cgit v1.1