I send this message to [EMAIL PROTECTED], because Brian committed
skeychallenge() - opiechallenge() staff...
Brian, could you check this?
I change crypto/openssh/auth-chall.c as follows, and test it.
--- auth-chall.c.dist Thu Sep 27 18:33:33 2001
+++ auth-chall.cThu Jan 17 13:28:07 2002
@@ -77,7 +77,7 @@
{
static char challenge[1024];
struct opie opie;
- if (opiechallenge(opie, authctxt-user, challenge) == -1)
+ if (opiechallenge(opie, authctxt-user, challenge))
return NULL;
strlcat(challenge, \nS/Key Password: , sizeof challenge);
return challenge;
It works as expected, ie:
* FreeBSD 4.5-RC1 box is in default config.
* Client is OpenSSH_3.0.1p1, in default config.
(1) If /etc/opiekeys @ FreeBSD box is size=0, opiechallenge return 1,
and sshd fall back to plain password. OK.
(2) If /etc/opiekeys @ FreeBSD box lists no requested user, same as
(1). OK.
(3) If there are no /etc/opiekeys @ FreeBSD box, /etc/opiekeys is
created automatically, and behave as (1). OK.
(4) If requested user is listed on /etc/opiekeys @ FreeBSD box, sshd
requests opie password, and happy with correct pass phrase. OK.
Koji
From: Koji Hino [EMAIL PROTECTED]
Subject: Re: 4.5-RC1: Why sshd require opie for SSH version 2?
Date: Wed, 16 Jan 2002 17:35:25 -0800 (PST)
ID: [EMAIL PROTECTED]
: Thanks to everyone who answered to my question.
:
: OK, there are some workaround to overcome this problem. Then, how
: 4.5-R should be? Disable opie as default sshd configuration?
:
: Or
:
: I looked into source (not deeply), and found:
: * opiechallenge() [/usr/src/contrib/opie/libopie/challenge.c] returns
: value: 0, -1, 1. If there are no related user, it seems (I'm not
: checked by debugger. only my understanding..) to return 1.
: * old version, skeychallenge(), only return 0 (OK), or -1 (BAD).
: * get_challenge() [/usr/src/crypto/openssh/auth-chall.c] only check
: return value of opiechallenge() if it is -1.
:
: So, I think get_challenge() should handle '1' case.
:
: Best regards,
:
:
: Koji HINO(HINO is my family name)
: CC Research Laboratories, NEC USA, Inc.
: E-mail: [EMAIL PROTECTED]
: --
: DISCLAIMER: this message is the author's personal opinion and does not
: constitute the support, opinion, or policy of NEC USA, Inc.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-stable in the body of the message