From owner-freebsd-current Wed Jul 10 5:24:19 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F98A37B400 for ; Wed, 10 Jul 2002 05:24:17 -0700 (PDT) Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1054743E5E for ; Wed, 10 Jul 2002 05:24:16 -0700 (PDT) (envelope-from ache@pobrecita.freebsd.ru) Received: from pobrecita.freebsd.ru (ache@localhost [127.0.0.1]) by nagual.pp.ru (8.12.5/8.12.5) with ESMTP id g6ACO45C029551; Wed, 10 Jul 2002 16:24:12 +0400 (MSD) (envelope-from ache@pobrecita.freebsd.ru) Received: (from ache@localhost) by pobrecita.freebsd.ru (8.12.5/8.12.5/Submit) id g6ACO1vs029550; Wed, 10 Jul 2002 16:24:02 +0400 (MSD) (envelope-from ache) Date: Wed, 10 Jul 2002 16:23:59 +0400 From: "Andrey A. Chernov" To: Dag-Erling Smorgrav Cc: current@freebsd.org Subject: Re: OPIE auth broken too (was Re: PasswordAuthentication not works in sshd) Message-ID: <20020710122357.GA29452@nagual.pp.ru> References: <20020709124943.GA15259@nagual.pp.ru> <20020709133611.GA17322@nagual.pp.ru> <20020709164108.GA19075@nagual.pp.ru> <20020709232559.GA23499@nagual.pp.ru> <20020710115021.GA28478@nagual.pp.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.1i Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Jul 10, 2002 at 14:17:51 +0200, Dag-Erling Smorgrav wrote: > "Andrey A. Chernov" writes: > > Why what? Sysadmin allows PasswordAuthentication only. > > Why? Because he choose to not trust hosts keys which can be stolen especially when not password-protected. Because it is documented way to configure sshd. This scenario is very equivalent to normal Unix login procedure excepting that passwords are not transferred as cleartext over the net. It is most easy way for admin to teach end-users to use ssh without (mis)dealing with hosts keys. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message