Forum Discussion

Nimbostratus

Oct 06, 2016

How to configure ChallengeResponseAuthentication no

Dear Sir or Madam I configure the BIG-IP. I want to disable ChallengeResponseAuthentication. I find /var/run/config/sshd_config file. " Excerpt from cat /var/run/config/sshd_confi...

Altostratus

Oct 06, 2016

Do you want to change it to "no" because of:

"OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

And

"Note that if ChallengeResponseAuthentication is 'yes', and the PAM authentication policy for sshd includes pam_unix(8), password authentication will be allowed through the challenge-response mechanism regardless of the value of PasswordAuthentication."

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to configure ChallengeResponseAuthentication no

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 XC 503 upstream_reset_before_response_started{protocol_error}

CVE mitigation on F5 XC vs classic F5 WAF

F5 mssql health monitor failing

Could not communicate with the system. Try to reload page.

UCS Encryption Question

Related Content

wccp configuration for SSL Orchestrator

F5 BIG-IP Advanced WAF – DOS profile configuration options.

APM Configuration to Support Duo MFA using iRule

BIG-IP BGP Routing Protocol Configuration And Use Cases

BIG-IP vWire Configuration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS