diff options
Diffstat (limited to 'debian/openssh-server.templates.master')
-rw-r--r-- | debian/openssh-server.templates.master | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/openssh-server.templates.master b/debian/openssh-server.templates.master index e6d355639..af4d4e9f8 100644 --- a/debian/openssh-server.templates.master +++ b/debian/openssh-server.templates.master | |||
@@ -77,3 +77,19 @@ _Description: Warning: you must create a new host key | |||
77 | from the old (non-free) SSH installation. | 77 | from the old (non-free) SSH installation. |
78 | . | 78 | . |
79 | You will need to generate a new host key. | 79 | You will need to generate a new host key. |
80 | |||
81 | Template: ssh/disable_cr_auth | ||
82 | Type: boolean | ||
83 | Default: false | ||
84 | _Description: Disable challenge-response authentication? | ||
85 | Password authentication appears to be disabled in your current OpenSSH | ||
86 | server configuration. In order to prevent users from logging in using | ||
87 | passwords (perhaps using only public key authentication instead) with | ||
88 | recent versions of OpenSSH, you must disable challenge-response | ||
89 | authentication, or else ensure that your PAM configuration does not allow | ||
90 | Unix password file authentication. | ||
91 | . | ||
92 | If you disable challenge-response authentication, then users will not be | ||
93 | able to log in using passwords. If you leave it enabled (the default | ||
94 | answer), then the 'PasswordAuthentication no' option will have no useful | ||
95 | effect unless you also adjust your PAM configuration in /etc/pam.d/ssh. | ||