>  >    Architecture: OpenBSD.amd64
>  >    Machine     : amd64
>  > >Description:
>  >    After about 20 logins or so my SKEY login stopped working.  Having
>  > tried multiple dozen times to login it wouldn't work.  So I made a testuser
>  > and luckily on the second login it didn't work either but I see no 
>  > correllation between the two.  A second testuser didn't seem to have a
>  > problem getting through 5 logins or more.
>  
>  Hi,
>  
>  I've been unable to reproduce this behavior.  Are you 100% sure the
>  passphrase is being entered correctly?  Even if you put in a bogus
>  passphrase, skey will happily provide you with one-time passwords,
>  though they will be invalid.
>  
>  Can you re-validate your findings?
>  
>  Cheers.

I just took the information from the testuser skey that was in the original
bug report and created this:

# pwd 
/etc/skey
# ls -ld
drwx-wx--T  2 root  auth  512 Feb 13 16:06 .
# ls -l
total 4
-rw-------  1 testuser  auth  43 Feb 13 16:06 testuser

Then generated the passphrase with password "FOReveryoung1" no quotes and
the skey phrases generated look the same as I provided in the bug report.
then I ssh'ed to localhost with ssh testuser:skey@localhost and could not
log in by copy/pasting the skey phrases into the password.  I still could
not log in even though the system has changed from 4.7 to 4.9-beta as
of a week ago or so.

OpenBSD 4.9-beta (GENERIC) #439: Thu Jan 20 17:15:16 MST 2011
    [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC

Now back to you.  Are you actually saying that you took my testuser data and
installed a testuser generated my passphrases and were able to log in 
successfully?  Are you using amd64 as well?

I really do think I did everything right with no mistakes and I was locked out
of my box from remote as well before which caused me to create this testuser
in the first place.

I don't have perfect hindsight so there is a chance I did something wrong but
it would really suck if this happened to someone with a critical system and
they could not get in.  For me my systems aren't so critical comparatively.

-peter

Reply via email to