summaryrefslogtreecommitdiff
path: root/debian/openssh-server.templates.master
diff options
context:
space:
mode:
Diffstat (limited to 'debian/openssh-server.templates.master')
-rw-r--r--debian/openssh-server.templates.master16
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/openssh-server.templates.master b/debian/openssh-server.templates.master
index e6d355639..af4d4e9f8 100644
--- a/debian/openssh-server.templates.master
+++ b/debian/openssh-server.templates.master
@@ -77,3 +77,19 @@ _Description: Warning: you must create a new host key
77 from the old (non-free) SSH installation. 77 from the old (non-free) SSH installation.
78 . 78 .
79 You will need to generate a new host key. 79 You will need to generate a new host key.
80
81Template: ssh/disable_cr_auth
82Type: boolean
83Default: false
84_Description: Disable challenge-response authentication?
85 Password authentication appears to be disabled in your current OpenSSH
86 server configuration. In order to prevent users from logging in using
87 passwords (perhaps using only public key authentication instead) with
88 recent versions of OpenSSH, you must disable challenge-response
89 authentication, or else ensure that your PAM configuration does not allow
90 Unix password file authentication.
91 .
92 If you disable challenge-response authentication, then users will not be
93 able to log in using passwords. If you leave it enabled (the default
94 answer), then the 'PasswordAuthentication no' option will have no useful
95 effect unless you also adjust your PAM configuration in /etc/pam.d/ssh.