gert at greenie.muc.de
Wed Nov 8 20:00:06 EST 2000
On Wed, Nov 08, 2000 at 01:34:04AM -0600, Ben Lindstrom wrote:
> > No. Tried using up+up instead, but that also gives me a constant
> > number - the first always gives me "58", the second "85", but neither
> > gives the current challenge.
> > So - is anybody working on S/Key in OpenSSH? Is somebody using it on a
> > non-BSD platform? If yes, what did you do, which s/key library, which
> > CPU endianness, ...?
> If I knew of a S/Key library outside of the code in the OpenBSD tree I'd
> be happy to compile it up under Linux and see if I can mimic this problem.
There is one that has been ported from OpenBSD (similar to OpenSSH), I
found it by looking in "www.google.com" for "skey source". I found it
at http://www.sparc.spb.su/solaris/skey/, which, as I understand, is
also its home site. I use version 1.1.
The S/Key library itself seems to work fine, that is:
- I have "skeyinit"ed a bunch of challenges for me
- When I log in via OpenSSH, I call "skeyinfo" to get the actual
challenge number, call "skey <challenge>" to generate the response,
and enter that into OpenSSH, and I can log in.
- The only thing that is absolutely not working is the correct printing
of the challenge number from inside OpenSSH - it always prints "58"
(but OpenSSH doesn't seem to actually *use* libskey for that, there
is quite a lot of code in auth-skey.c that calls directly into some
crypto functions, if I read the code correctly).
I did not yet try skey with ssh2 (no DSA keys on all my test machines,
and so on).
> > Is anybody interested in getting this to work? I think a portable way to
> > do OTPs is very important.
> May be worth porting the S/Key library in the OpenBSD tree. It's rather
> small, but it has a lot of dependancy from what it looks at.
This seems to have been done already :-)
USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
More information about the openssh-unix-dev