On Sun 2011.02.13 at 16:25 +0100, Peter J. Philipp wrote: > > > Architecture: OpenBSD.amd64 > > > Machine : amd64 > > > >Description: > > > After about 20 logins or so my SKEY login stopped working. Having > > > tried multiple dozen times to login it wouldn't work. So I made a > > testuser > > > and luckily on the second login it didn't work either but I see no > > > correllation between the two. A second testuser didn't seem to have a > > > problem getting through 5 logins or more. > > > > Hi, > > > > I've been unable to reproduce this behavior. Are you 100% sure the > > passphrase is being entered correctly? Even if you put in a bogus > > passphrase, skey will happily provide you with one-time passwords, > > though they will be invalid. > > > > Can you re-validate your findings? > > > > Cheers. > > I just took the information from the testuser skey that was in the original > bug report and created this: > > # pwd > /etc/skey > # ls -ld > drwx-wx--T 2 root auth 512 Feb 13 16:06 . > # ls -l > total 4 > -rw------- 1 testuser auth 43 Feb 13 16:06 testuser > > Then generated the passphrase with password "FOReveryoung1" no quotes and > the skey phrases generated look the same as I provided in the bug report. > then I ssh'ed to localhost with ssh testuser:skey@localhost and could not > log in by copy/pasting the skey phrases into the password. I still could > not log in even though the system has changed from 4.7 to 4.9-beta as > of a week ago or so. > > OpenBSD 4.9-beta (GENERIC) #439: Thu Jan 20 17:15:16 MST 2011 > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC > > Now back to you. Are you actually saying that you took my testuser data and > installed a testuser generated my passphrases and were able to log in > successfully? Are you using amd64 as well?
i386/amd64/sparc64 - all worked as expected. I created my own testuser, then just duplicated yours... Now what I did just notice in the original bug report was that the last character of the password was missing (the "T" from LOFT). Maybe that's a cut/paste thing? > I really do think I did everything right with no mistakes and I was locked out > of my box from remote as well before which caused me to create this testuser > in the first place. > > I don't have perfect hindsight so there is a chance I did something wrong but > it would really suck if this happened to someone with a critical system and > they could not get in. For me my systems aren't so critical comparatively. > > -peter
