From owner-freebsd-current  Wed Jul 10 13: 7:43 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D3DA537B400
	for <current@freebsd.org>; Wed, 10 Jul 2002 13:07:40 -0700 (PDT)
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7925343E31
	for <current@freebsd.org>; Wed, 10 Jul 2002 13:07:39 -0700 (PDT)
	(envelope-from tlambert2@mindspring.com)
Received: from pool0451.cvx22-bradley.dialup.earthlink.net ([209.179.199.196] helo=mindspring.com)
	by falcon.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 17SNk1-0005pT-00; Wed, 10 Jul 2002 13:07:13 -0700
Message-ID: <3D2C93C6.349DFEEB@mindspring.com>
Date: Wed, 10 Jul 2002 13:06:30 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc: Dag-Erling Smorgrav <des@ofug.org>, current@freebsd.org
Subject: Re: OPIE auth broken too (was Re: PasswordAuthentication not works in 
 sshd)
References: <20020709124943.GA15259@nagual.pp.ru> <xzphej9jb3i.fsf@flood.ping.uio.no> <20020709133611.GA17322@nagual.pp.ru> <xzpd6txj93r.fsf@flood.ping.uio.no> <20020709164108.GA19075@nagual.pp.ru> <xzpr8icinnb.fsf@flood.ping.uio.no> <20020709232559.GA23499@nagual.pp.ru> <xzpd6tvj3h3.fsf@flood.ping.uio.no> <20020710115021.GA28478@nagual.pp.ru> <xzpznwzg4k0.fsf@flood.ping.uio.no> <20020710122357.GA29452@nagual.pp.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

"Andrey A. Chernov" wrote:
> On Wed, Jul 10, 2002 at 14:17:51 +0200, Dag-Erling Smorgrav wrote:
> > "Andrey A. Chernov" <ache@nagual.pp.ru> writes:
> > > Why what? Sysadmin allows PasswordAuthentication only.
> >
> > Why?
> 
> Because he choose to not trust hosts keys which can be stolen especially
> when not password-protected. Because it is documented way to configure
> sshd. This scenario is very equivalent to normal Unix login procedure
> excepting that passwords are not transferred as cleartext over the net. It
> is most easy way for admin to teach end-users to use ssh without
> (mis)dealing with hosts keys.

I think he meant "Why doesn't it respect the "secure" flag on pty's
in /etc/ttys, like all other conforming UNIX programs do?".

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message