diff options
Diffstat (limited to 'debian/openssh-server.templates.master')
| -rw-r--r-- | debian/openssh-server.templates.master | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/openssh-server.templates.master b/debian/openssh-server.templates.master index e6d355639..af4d4e9f8 100644 --- a/debian/openssh-server.templates.master +++ b/debian/openssh-server.templates.master | |||
| @@ -77,3 +77,19 @@ _Description: Warning: you must create a new host key | |||
| 77 | from the old (non-free) SSH installation. | 77 | from the old (non-free) SSH installation. |
| 78 | . | 78 | . |
| 79 | You will need to generate a new host key. | 79 | You will need to generate a new host key. |
| 80 | |||
| 81 | Template: ssh/disable_cr_auth | ||
| 82 | Type: boolean | ||
| 83 | Default: false | ||
| 84 | _Description: Disable challenge-response authentication? | ||
| 85 | Password authentication appears to be disabled in your current OpenSSH | ||
| 86 | server configuration. In order to prevent users from logging in using | ||
| 87 | passwords (perhaps using only public key authentication instead) with | ||
| 88 | recent versions of OpenSSH, you must disable challenge-response | ||
| 89 | authentication, or else ensure that your PAM configuration does not allow | ||
| 90 | Unix password file authentication. | ||
| 91 | . | ||
| 92 | If you disable challenge-response authentication, then users will not be | ||
| 93 | able to log in using passwords. If you leave it enabled (the default | ||
| 94 | answer), then the 'PasswordAuthentication no' option will have no useful | ||
| 95 | effect unless you also adjust your PAM configuration in /etc/pam.d/ssh. | ||