Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

MoritaKazuyuki_'s avatar
MoritaKazuyuki_
Icon for Nimbostratus rankNimbostratus
Oct 05, 2016

How to configure ChallengeResponseAuthentication no

Dear Sir or Madam   I configure the BIG-IP.   I want to disable ChallengeResponseAuthentication.   I find /var/run/config/sshd_config file.   " Excerpt from cat /var/run/config/sshd_confi...
big-ip
devops
LTM
Shaun_Simmons1's avatar
Shaun_Simmons1
Icon for Altostratus rankAltostratus
Oct 05, 2016

Do you want to change it to "no" because of:

 

"OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

 

And

 

"Note that if ChallengeResponseAuthentication is 'yes', and the PAM authentication policy for sshd includes pam_unix(8), password authentication will be allowed through the challenge-response mechanism regardless of the value of PasswordAuthentication."

 

??