Date: 30 Mar 2002 13:14:07 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: current@freebsd.org Cc: Thomas Quinot <thomas@cuivre.fr.eu.org> Subject: Re: Problem with ssh Message-ID: <xzpk7rutfqo.fsf@flood.ping.uio.no> In-Reply-To: <20020329203139.C74181@dragon.nuxi.com> References: <20020328183736.85E9588@nebula.anchoragerescue.org> <20020328192816.GA217@mich.itxmarket.com> <20020328194005.573B688@nebula.anchoragerescue.org> <20020328120317.C92633@dragon.nuxi.com> <20020329030505.GF22998@squall.waterspout.com> <20020329110125.A61943@melusine.cuivre.fr.eu.org> <20020329203139.C74181@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"David O'Brien" <obrien@freebsd.org> writes: > Something is still very wrong: > > ssh foo@releng4 > otp-md5 350 re9786 ext > S/Key Password: > otp-md5 134 re2584 ext > S/Key Password: > otp-md5 417 re5381 ext > S/Key Password: > otp-md5 198 re2571 ext > S/Key Password: > > Uh, why does my sequence keep changing when I just hit <return>??? Because it's generating fake S/Key challenges, and badly. > And this will not accept my Unix password until I enter garbage _3_ times, > then I finally get a Unix password prompt. > > Hello, DES? Have you seen this thread? No, I haven't seen it, but I've had similar reports. It's actually a bug on the server side, in older OpenSSH servers, that is exposed by newer OpenSSH clients. I haven't yet determined a correct client-side solution, but a workaround is to disable S/Key authentication for those hosts where you don't actually want to use it, by adding the following to ~/.ssh/config: Host foo bar baz SKeyAuthentication no OpenSSH 3.1 servers on -CURRENT will DTRT since they use PAM. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpk7rutfqo.fsf>