"David O'Brien" <[EMAIL PROTECTED]> writes:
> Something is still very wrong:
>     ssh  foo@releng4
>     otp-md5 350 re9786 ext
>     S/Key Password: 
>     otp-md5 134 re2584 ext
>     S/Key Password: 
>     otp-md5 417 re5381 ext
>     S/Key Password: 
>     otp-md5 198 re2571 ext
>     S/Key Password: 
> Uh, why does my sequence keep changing when I just hit <return>???

Because it's generating fake S/Key challenges, and badly.

> And this will not accept my Unix password until I enter garbage _3_ times,
> then I finally get a Unix password prompt.
> Hello, DES?  Have you seen this thread?

No, I haven't seen it, but I've had similar reports.  It's actually a
bug on the server side, in older OpenSSH servers, that is exposed by
newer OpenSSH clients.  I haven't yet determined a correct client-side
solution, but a workaround is to disable S/Key authentication for
those hosts where you don't actually want to use it, by adding the
following to ~/.ssh/config:

Host foo bar baz
  SKeyAuthentication no

OpenSSH 3.1 servers on -CURRENT will DTRT since they use PAM.

Dag-Erling Smorgrav - [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to