From owner-freebsd-security  Tue Jun  2 04:35:51 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id EAA08039
          for freebsd-security-outgoing; Tue, 2 Jun 1998 04:35:51 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA08025
          for <freebsd-security@FreeBSD.ORG>; Tue, 2 Jun 1998 04:35:46 -0700 (PDT)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.8.7/8.8.7) with ESMTP id LAA05312;
	Tue, 2 Jun 1998 11:32:52 GMT
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id NAA23653;
	Tue, 2 Jun 1998 13:32:26 +0200 (MET DST)
Message-ID: <19980602133226.00055@follo.net>
Date: Tue, 2 Jun 1998 13:32:26 +0200
From: Eivind Eklund <eivind@yes.no>
To: ark@eltex.spb.ru
Cc: robert+freebsd@cyrus.watson.org, Poul-Henning@paranoid.eltex.spb.ru,
        Kamp@paranoid.eltex.spb.ru, phk@critter.freebsd.dk,
        "J.A.,Terranson"@paranoid.eltex.spb.ru, sysadmin@mfn.org,
        "freebsd-security@FreeBSD.ORG"@paranoid.eltex.spb.ru,
        freebsd-security@FreeBSD.ORG
Subject: Re: MD5 v. DES?
References: <19980602015132.55099@follo.net> <199806021201.MAA19702@paranoid.eltex.spb.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <199806021201.MAA19702@paranoid.eltex.spb.ru>; from ark@eltex.spb.ru on Tue, Jun 02, 1998 at 12:01:01PM +0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Jun 02, 1998 at 12:01:01PM +0000, ark@eltex.spb.ru wrote:
> > The SSH-1 protocol doesn't make it possible to use s/key for one-time
> > passwords, at least.  There is no provision for showing a challenge to
> > the user.
> 
> Don't know what is "SSH-1" protocol you are reffering to, but ssh
> (at least versions 1.2.20 and newer) do support OTP and even 
> authentication server.

Are you referring to the SecurID support?  This is challenge-free, and
this comment is from the third paragraph of README.SECURID in the ssh
distribution:

	[ ... ] It would be nice if we could change the prompt, but
	this would involve changing the dialog between the server and
	the client (since it the server that knows the user's
	authentication protocol, but the client which does the
	prompt). Maybe next time.

As I said, there is no way of presenting a challenge - which is
extremely annoying.  I don't know if this is fixed in V2.0 of the
protocol.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message