From owner-freebsd-security  Mon May  1 15:53:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.numachi.com (numachi.numachi.com [198.175.254.2])
	by hub.freebsd.org (Postfix) with SMTP id 50DC837B588
	for <freebsd-security@freebsd.org>; Mon,  1 May 2000 15:53:42 -0700 (PDT)
	(envelope-from reichert@numachi.com)
Received: (qmail 7507 invoked by uid 1001); 1 May 2000 22:53:40 -0000
Date: Mon, 1 May 2000 18:53:40 -0400
From: Brian Reichert <reichert@numachi.com>
To: freebsd-security@freebsd.org
Subject: OpenSSH-1.2.2 + S/Key
Message-ID: <20000501185340.A7346@numachi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre4i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I _must_ be missing something.

The manpage for sshd(8) gushes about 'supports one-time password
authentication with skey', but I can't make it work.

- I used keyinit(1) to initalize an s/key password.  I tested it
  by telnetting in.

- The manpage for sshd says that 'SkeyAuthentication yes' says
  s/key authentication is 'allowed', whatever that means.

  (It also says this value is default, but I put it in anyway, for
  maintainability's sake.)

But, when I connect via ssh (either using a stock ssh client, or
the openssh client), I don't get challenged for my s/key OTP.

I tested removing my password from /etc/passwd, in case openssh was
merely using s/key as a failover.  But, this didn't work either.

So - what did I miss?

-- 
Brian 'you Bastard' Reichert		reichert@numachi.com
37 Crystal Ave. #303			Daytime number: (781) 273-4100 x161
Derry NH 03038-1713 USA			Intel architecture: the left-hand path


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message