diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index add504b9432..1cf7f9d90e6 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -212,7 +212,7 @@ fill_default_server_options(ServerOptions *options)
 	if (options->kbd_interactive_authentication == -1)
 		options->kbd_interactive_authentication = 0;
 	if (options->challenge_response_authentication == -1)
-		options->challenge_response_authentication = 0;
+		options->challenge_response_authentication = 1;
 	if (options->permit_empty_passwd == -1)
 		options->permit_empty_passwd = 0;
 	if (options->use_login == -1)
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index 156b5f0c574..e34c96424e1 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -60,8 +60,8 @@
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
-# Change to yes to enable s/key passwords
-#ChallengeResponseAuthentication no
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
 
 # Kerberos options
 # KerberosAuthentication automatically enabled if keyfile exists