Date: Mon, 22 Apr 2002 17:39:26 -0700 (PDT)
From: Jordan Hubbard <jkh@winston.freebsd.org>
To: hackers@freebsd.org
Subject: ssh + compiled-in SKEY support considered harmful?
Message-ID: <200204230039.g3N0dQ8i011313@winston.freebsd.org>

We at Apple are noticing a strange problem with newer versions of ssh (which has been upgraded to OpenSSH_3.1p1) and FreeBSD 4.5-STABLE's sshd. This problem did not occur with our older ssh, but it also does not occur with the newer version and *any* other OS other than FreeBSD, e.g. if you ssh to a Linux or Solaris or Mac OS X box, for that matter, you will not see this behavior.

What behavior am I talking about? This:

jhubbard@wafer-> ssh jkh@winston.freebsd.org
otp-md5 114 wi7854 ext
S/Key Password:
otp-md5 117 wi5044 ext
S/Key Password:
otp-md5 397 wi0652 ext
S/Key Password:
jkh@winston.freebsd.org's password:

The machine "wafer" is a Mac OS X box running 10.1.3 and winston.freebsd.org is running FreeBSD 4.5-STABLE. The authentication method which tries this S/Key stuff is "keyboard-interactive" and this is tried, for some reason, before the "password" auth method. If you compile sshd on the FreeBSD side without SKEY support built-in, the problem also goes away.

My question: Who's "wrong" here, FreeBSD or Mac OS X? If the latter, why doesn't Linux or anything else produce this problem? I ask now because I know that the usage of Mac OS X is growing and there are going to be a lot of annoyed users (like me!) who very quickly get tired of having to wind through all the bogus S/Key password prompts before they can actually type in their real password (and no, skey is not enabled on winston and I have never done a keyinit operation, so I couldn't S/Key authenticate to it if I wanted to).

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message