diff options
Diffstat (limited to 'debian/templates.master')
-rw-r--r-- | debian/templates.master | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/templates.master b/debian/templates.master index 07f62b178..55727c933 100644 --- a/debian/templates.master +++ b/debian/templates.master | |||
@@ -123,3 +123,19 @@ _Description: Environment options on keys have been deprecated | |||
123 | To re-enable this option, set "PermitUserEnvironment yes" in | 123 | To re-enable this option, set "PermitUserEnvironment yes" in |
124 | /etc/ssh/sshd_config after the upgrade is complete, taking note of the | 124 | /etc/ssh/sshd_config after the upgrade is complete, taking note of the |
125 | warning in the sshd_config(5) manual page. | 125 | warning in the sshd_config(5) manual page. |
126 | |||
127 | Template: ssh/disable_cr_auth | ||
128 | Type: boolean | ||
129 | Default: true | ||
130 | _Description: Disable challenge-response authentication? | ||
131 | Password authentication appears to be disabled in your current OpenSSH | ||
132 | server configuration. In order to prevent users from logging in using | ||
133 | passwords (perhaps using only public key authentication instead) with | ||
134 | recent versions of OpenSSH, you must disable challenge-response | ||
135 | authentication, or else ensure that your PAM configuration does not allow | ||
136 | Unix password file authentication. | ||
137 | . | ||
138 | If you disable challenge-response authentication (the default answer), then | ||
139 | users will not be able to log in using passwords. If you leave it enabled, | ||
140 | then the 'PasswordAuthentication no' option will have no useful effect | ||
141 | unless you also adjust your PAM configuration in /etc/pam.d/ssh. | ||