From: Stijn Hoop
To: Neil Blakey-Milner
Cc: qa@freebsd.org
Date: Thu, 17 Jan 2002 15:49:35 +0100
Subject: Re: s/key!
Message-ID: <20020117154935.G76860@pcwin002.win.tue.nl>

On Thu, Jan 17, 2002 at 04:36:52PM +0200, Neil Blakey-Milner wrote:
> On Thu 2002-01-17 (14:58), Stijn Hoop wrote:
> > On Thu, Jan 17, 2002 at 05:50:54AM -0800, Randy Bush wrote:
> > > i have never done anything with s/key on either host. why am i getting
> > > this? (both quite recent -stable)
> > >
> > > ns0.psg.com:/usr/local/src/distfiles# rsy randy@rip.psg.com:bind-9.2.0.tar.gz .
> > > otp-md5 3 ri5788 ext
> > > S/Key Password:
> >
> > This has bitten me before as well. Recent -STABLE turns S/Key on by
> > default in /etc/ssh/sshd_config. Uncomment the line:
> >
> > # ChallengeResponseAuthentication no
> >
> > to disable S/Key again.
>
> That's going to be particularly irritating. Is there any way for sshd
> to properly detect the necessity of S/Key? If not, should it perhaps
> not be enabled by default?

I'm still looking for the option that lowers the priority of S/Key. I think
that POLA would be to use public-key first, then password, then s/key.

I haven't looked hard though...

--Stijn

--
"...I like logs. They give me a warm fuzzy feeling. I've been known
to keep logs for 30 months at a time (generally when I thought I was
rotating them daily, but was actually rotating them once a month)."
		-- Michael Lucas, in Big Scary Daemons article 'Controlling Bandwidth'