Date:      31 Oct 2002 19:59:50 -0500
From:      Chris Shenton <chris@shenton.org>
To:        security@freebsd.org
Subject:   Telnet not offering SKey prompt despite keyinit, skeykeys, skey.access
Message-ID:  <87lm4ef6k9.fsf@thanatos.shenton.org>

I want to skey my telnet daemon (as I've done on other FreeBSD systems
in the past) but I can't get it to work on this system. I'm running:

    chris@beatnik_44% uname -a
    FreeBSD beatnik.shenton.org 4.7-RC2 FreeBSD 4.7-RC2 #0: Thu Sep 26 04:07:11 GMT 2002     root@freebsd-stable.sentex.ca:/usr/obj/usr/src/sys/GENERIC  i386

I generate keys for myself:

    chris@beatnik_43% keyinit
    Adding chris:
    Reminder - Only use this method if you are directly connected.
    If you are using telnet or rlogin exit with no password and use keyinit -s.
    Enter secret password: 
    Again secret password: 

    ID chris s/key is 99 be97113
    YALE NEIL EVEN OTT PRY FAIR

I check that the skeykeys file is created and make sure skey is
allowed (in fact, required from everywhere) in /etc/skey.access:

    beatnik# ls -l /etc/skey*
    -rw-r--r--  1 root  wheel  98 Oct 31 20:48 /etc/skey.access
    -rw-------  1 root  wheel  67 Oct 31 20:45 /etc/skeykeys

    beatnik# cat /etc/skey.access 
    # why can't I get skey or opie to run on telnet?
    deny internet 192.168.255.0 255.255.255.0
    deny
    #

    beatnik# cat /etc/skeykeys 
    chris 0099 be97113          fe9861f0982352fa  Oct 31,2002 20:45:27

Looks OK, but when I try to telnet, it doesn't offer the skey prompt,
just the normal reusable UNIX password:

    chris@thanatos(260> telnet beatnik
    Trying 192.168.255.183...
    Connected to beatnik.shenton.org.
    Escape character is '^]'.
    Trying SRA secure login:
    User (chris): chris
    Password: 
    [ SRA accepts you ]

When I ssh to it, it does offer me the skey prompt, but (unless I'm
really fat-fingered) doesn't seem to recognize the phrase I generate
on the local box, then reverts to normal password auth:

    chris@thanatos(264> ssh beatnik
    s/key 98 be97113
    Password: 
    Permission denied, please try again.
    s/key 98 be97113
    Password: 
    Permission denied, please try again.
    s/key 97 be97113
    Password: 
    chris@beatnik.shenton.org's password: 

Any ideas what I'm missing?

Thanks.
