From owner-freebsd-current  Mon Apr  1 15:49: 8 2002
Delivered-To: freebsd-current@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4F78E37B41C; Mon,  1 Apr 2002 15:49:00 -0800 (PST)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id 69C045347; Tue,  2 Apr 2002 01:48:57 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: obrien@freebsd.org
Cc: current@freebsd.org, Thomas Quinot <thomas@cuivre.fr.eu.org>
Subject: Re: Problem with ssh
References: <20020328183736.85E9588@nebula.anchoragerescue.org>
	<20020328192816.GA217@mich.itxmarket.com>
	<20020328194005.573B688@nebula.anchoragerescue.org>
	<20020328120317.C92633@dragon.nuxi.com>
	<20020329030505.GF22998@squall.waterspout.com>
	<20020329110125.A61943@melusine.cuivre.fr.eu.org>
	<20020329203139.C74181@dragon.nuxi.com>
	<xzpk7rutfqo.fsf@flood.ping.uio.no>
	<20020401142524.C23489@dragon.nuxi.com>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 02 Apr 2002 01:48:56 +0200
In-Reply-To: <20020401142524.C23489@dragon.nuxi.com>
Message-ID: <xzp3cyfm13r.fsf@flood.ping.uio.no>
Lines: 28
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

"David O'Brien" <obrien@freebsd.org> writes:
> On Sat, Mar 30, 2002 at 01:14:07PM +0100, Dag-Erling Smorgrav wrote:
> > "David O'Brien" <obrien@freebsd.org> writes:
> > > Uh, why does my sequence keep changing when I just hit <return>???
> > Because it's generating fake S/Key challenges, and badly.
> Especially since RELENG_4 does NOT use OPIE.
> Who this "fake S/Key challenge" that and turned it on?

OpenSSH in RELENG_4 does use S/Key, and generates fake challenges when
the client attempts challenge-response authentication, which is what
is used for PAM.

> > No, I haven't seen it, but I've had similar reports.  It's actually a
> > bug on the server side, in older OpenSSH servers, that is exposed by
> > newer OpenSSH clients.
> Will OpenSSH 3.1 be MFC'ed soon?

Not likely.  There are a number of problems that still need fixing.

> Considering I DO want SKeyAuthentication (USENIX is comming up); what is
> the real fix?

Enable it only for servers that need it.  It used to be disabled by
default in the client, so this shouldn't make much of a difference.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message