[Bug 1922] New: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication

bugzilla-daemon Sat, 30 Jul 2011 13:18:31 -0700

https://bugzilla.mindrot.org/show_bug.cgi?id=1922


             Bug #: 1922
           Summary: Disabling ChallengeResponseAuthentication also
                    disables KbdInteractiveAuthentication
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.8p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: [email protected]
        ReportedBy: [email protected]


I was chasing some unexpected behaviour from OpenSSH, and have come
across an oddity in the source code which feels like a bug.

In auth2-kbdint.c, the Authmethod struct declares
options.kbd_interactive_authentication as the enabled flag for this
method. However in the implementation function a few lines above, it
checks options.challenge_response_authentication to decide whether to
actually proceed with the authentication.

This results in the behaviour of "ChallengeResponseAuthentication no"
also disabling keyboard-interactive authentication, even if
"KbdInteractiveAuthentication yes" is specified.

(Also, the KbdInteractiveAuthentication option isn't explicitly
documented in the manpages, so I'm unsure if it's actually intended to
be used or not.)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 1922] New: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication

Reply via email to