Re: S/KEY ftp logins
On Mon, 8 Mar 2004 15:31:50 - , in local.freebsd.questions you wrote: Is there some way to tell if ftp logins are successfully using S/KEY or falling back to cleartext? Is there some way to require S/KEY only? I believe the password prompt includes required if a static password would not be accepted. As I recall if you create /etc/skey.access then everything which is *not* mentioned in that file will require s/key. I think this also applies to shell logins so you need to be careful. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
S/KEY ftp logins
Is there some way to tell if ftp logins are successfully using S/KEY or falling back to cleartext? Is there some way to require S/KEY only? Cliff ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FBSD 4.8-STABLE and S/Key
Heya Folks; I just tried to get s/key support working, I read the hand book and all it shows is using keyinit as the users to enable there one time passwords, and then when I login or ftp/etc, it shows the s/key support line. But the password's that keyinit generates do not work? Any ideas? I can not login at all via the s/key password(s). Thanks. - Jason L. Schwab [EMAIL PROTECTED] http://www.jlschwab.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
s/key
How do I turn off the prompt for an s/key password? I started getting the request when I upgraded from 4.5 to 4.7 -- Robert Munn To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: s/key
On Tue, 18 Feb 2003, Robert Munn wrote: How do I turn off the prompt for an s/key password? I started getting the request when I upgraded from 4.5 to 4.7 'man skey' or 'man skey.access' works; and also check things like the Challenge in 'man sshd_config'. Dw. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
s/key
After upgrading one of my system from 4.6 to 4.7 I get an S/Key prompt when I ssh to a 4.6 system. How can I get rid of the skey prompt. I have tried fiddling with pam.conf but it doesn't seem to make ant difference To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: s/key
On Tue, Feb 18, 2003 at 08:55:54AM -0500, Robert Munn typed: How do I turn off the prompt for an s/key password? I started getting the request when I upgraded from 4.5 to 4.7 Putting the line: PreferredAuthentications publickey,password in /etc/ssh/ssh_config works for me. -- Robert Munn To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Help with s/key
Sincerely, I don't understand this stuff. I've tried to read it.
Is anyone willing to tell me the advantages of s/key and whether I should use
it?
This is what happens:
cut
wash@ns2 ('tty') ~ 479 - ssh newhost
otp-md5 105 ba3562 ext
S/Key Password:
otp-md5 172 ba9156 ext
S/Key Password:
otp-md5 236 ba7561 ext
S/Key Password:
[EMAIL PROTECTED]'s password:
Last login: Fri Nov 1 18:31:46 2002 from 62.8.64.13
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.6.2-RELEASE (backup) #0: Fri Oct 11 19:02:55 GMT 2002
Welcome to RBS backup server!
bash-2.05a$
/cut
Thanks
-Wash
--
Odhiambo Washington [EMAIL PROTECTED] The box said 'Requires
Wananchi Online Ltd. www.wananchi.com Windows 95, NT, or better,'
Tel: +254 2 313985-9 +254 2 313922 so I installed FreeBSD.
GSM: +254 72 743223 +254 733 744121 This sig is McQ! :-)
It's Like This
Even the samurai
have teddy bears,
and even the teddy bears
get drunk.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
Fwd: Re: Help with s/key
S/Key is a pretty nifty way of sending garbled passwords over cleartext means
(telnet). It was sort of a pre-cursor to ssh. Although widely used still,
it is somewhat obsolete...but then, one can never be too paranoid, right? :)
So, let me 'splain...
| Sincerely, I don't understand this stuff. I've tried to read it.
| Is anyone willing to tell me the advantages of s/key and whether I should
| use it?
|
| This is what happens:
|
| cut
| wash@ns2 ('tty') ~ 479 - ssh newhost
| otp-md5 105 ba3562 ext
| S/Key Password:
Ok, right here is where you would get the s/key encryption generator thingy
out (in windows you can use winkey (google it)). There is a *nix command
that will do it too, although, at this time, I can't remember the name of it.
In short, what you would do, provided s/key has a valid passwd for the user
you are trying to login as (its a separate file in /etc generally called
opeykeys, iirc) when you get the prompt above you would copy the
challenge: otp-md5 105 ba3562 ext
(you really only need the 105 ba3562 but using the whole thing is harmless).
Then you paste that into winkey or the unix equivalent (again, can't remember
what that is called now...Im doing this all from memory and its been well
over four years since I've used s/key). When you press enter you will br
prompted for your password (again, not the system passwd necessarily but the
one you set yourself up with for skey which is reflected in the /etc/opeykeys
file). Then you will get a strange set of words that look similar to:
HAPPY DESKS AUTOS MAILBOX PEOPLE BLAH
That is what you then copy and paste back to skey at the S/Key Password:
prompt and VOILA...assuming you typed your password correctly you should be
granted access.
There are a few neato things about skey. As the admin, when you set someone
up with an skey account (and if skey is the only login method allowed for
your machine) you set that person up with a certain number of allowed logins
(in the case above, the number left for the allowed logins is 105). This
number decrements upon every login attempt (iircmight be every successful
login but I am pretty sure its every attempt). When this number hits 0 that
user is no longer allowed to attempt to login until you, as the admin, makes
that number 0.
Openssh will use s/key as a backup method of logging in. Rightly so, if you
think about it you do NOT want to send your passwords cleartext over telnet
connections. You're begging for trouble if you do that. S/Key makes it so
that you can send your password over telnet in cleartext without a cracker
easily getting your password from the wire. S/Key, last I checked, by
default uses MD5 hashes but I know it can use DSA and MD4 and perhaps other
algorythms as well.
What you are seeing below, if Im not mistaking, is openssh falling back to
different login methods. Its probably going in this order: private key,
s/key, then password.
Hope this helps. If I got anything wrong please correct me. I really mean
it that I haven't used S/Key in a lng time. But I used to use it all the
time on my servers until ssh became popular.
- Jim
| otp-md5 172 ba9156 ext
| S/Key Password:
| otp-md5 236 ba7561 ext
| S/Key Password:
| [EMAIL PROTECTED]'s password:
| Last login: Fri Nov 1 18:31:46 2002 from 62.8.64.13
| Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
| The Regents of the University of California. All rights reserved.
| FreeBSD 4.6.2-RELEASE (backup) #0: Fri Oct 11 19:02:55 GMT 2002
|
|
| Welcome to RBS backup server!
|
|
| bash-2.05a$
| /cut
|
|
|
| Thanks
|
| -Wash
--
- Jim
---
--
- Jim
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
