In OpenSSH "ChallangeResponseAuthentication" has been replaced my "KbdInteractiveAuthentication" and MUST be replaced; otherwise `ssh.service` will no longer start! Also check for other deprecated options [7.9p1-10+deb10u2 … 9.2p1-2]: - https://www.openssh.com/releasenotes.html - https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/openssh/?since=5.0-0
(5.0-5) $ git grep -i ChallangeResponseAuthentication → I can't find any usage of it So this is probably set via UCRv "sshd/config/.*"
There is a typo in the option in the initial bug description (5.0-4) $ rgrep -i ChallengeResponseAuthentication | wc -l 11
Replaced "ChallangeResponseAuthentication" with "KbdInteractiveAuthentication" and added a new UCRv "sshd/KbdInteractiveAuthentication" which defaults to the old "sshd/challengeresponse". This only affects 5.2 and not 5.1 since Debian Bullseye has OpenSSH 8.4 and this change was introduced in OpenSSH 8.7. Looked through OpenSSH changelogs for any other major changes since or deprecated options since 7.9.
OK: code review OK: test ucr set sshd/KbdInteractiveAuthentication=no OK: changelog
univention-base-files (11.0.4) a457ee8f54b2 | Bug #56147: Adapt to OpenSSH 9.2p1-2