From owner-cvs-all  Thu Apr 25  9: 0:59 2002
Delivered-To: cvs-all@freebsd.org
Received: from dragon.nuxi.com (trang.nuxi.com [66.92.13.169])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1827737B405; Thu, 25 Apr 2002 09:00:53 -0700 (PDT)
Received: from dragon.nuxi.com (obrien@localhost [127.0.0.1])
	by dragon.nuxi.com (8.12.2/8.12.2) with ESMTP id g3PG0pYm068934;
	Thu, 25 Apr 2002 09:00:51 -0700 (PDT)
	(envelope-from obrien@dragon.nuxi.com)
Received: (from obrien@localhost)
	by dragon.nuxi.com (8.12.3/8.12.2/Submit) id g3PFxZkx068912;
	Thu, 25 Apr 2002 08:59:35 -0700 (PDT)
Date: Thu, 25 Apr 2002 08:59:31 -0700
From: "David O'Brien" <obrien@FreeBSD.org>
To: Josef Karthauser <joe@tao.org.uk>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/crypto/openssh servconf.c sshd_config
Message-ID: <20020425085931.B68843@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.org
References: <200204250559.g3P5xrS51528@freefall.freebsd.org> <xzp662gyq1m.fsf@flood.ping.uio.no> <20020425113715.GB21335@genius.tao.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020425113715.GB21335@genius.tao.org.uk>; from joe@tao.org.uk on Thu, Apr 25, 2002 at 12:37:15PM +0100
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3  90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Thu, Apr 25, 2002 at 12:37:15PM +0100, Josef Karthauser wrote:
> Can you find a better way of preventing this:
> 
>     genius% ssh dhcp59 
>     otp-md5 228 dh6546 ext
>     S/Key Password: 
>     otp-md5 170 dh0164 ext
>     S/Key Password: 
>     otp-md5 170 dh0164 ext
>     S/Key Password: 
>     joe@dhcp59.tao.org.uk's password: 
> 
> We shouldn't be doing S/Key by default.

It isn't even S/Key -- notice the challenge changes each time (and it is
an OPIE, not S/Key challenge).

It is some bullshit, security thru obscurity crap someone added.
I do use real S/Key on releng4 boxes and that is broken right now too.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message