Another shapshot

Gert Doering gert at
Wed Nov 8 20:00:06 EST 2000


On Wed, Nov 08, 2000 at 01:34:04AM -0600, Ben Lindstrom wrote:
> > No.  Tried using up[0]+up[1] instead, but that also gives me a constant
> > number - the first always gives me "58", the second "85", but neither
> > gives the current challenge.
> > 
> > So - is anybody working on S/Key in OpenSSH?  Is somebody using it on a
> > non-BSD platform?  If yes, what did you do, which s/key library, which
> > CPU endianness, ...?
> > 
> If I knew of a S/Key library outside of the code in the OpenBSD tree I'd
> be happy to compile it up under Linux and see if I can mimic this problem.

There is one that has been ported from OpenBSD (similar to OpenSSH), I
found it by looking in "" for "skey source".  I found it
at, which, as I understand, is
also its home site.  I use version 1.1.

The S/Key library itself seems to work fine, that is:

 - I have "skeyinit"ed a bunch of challenges for me

 - When I log in via OpenSSH, I call "skeyinfo" to get the actual
   challenge number, call "skey <challenge>" to generate the response,
   and enter that into OpenSSH, and I can log in.

 - The only thing that is absolutely not working is the correct printing
   of the challenge number from inside OpenSSH - it always prints "58"
   (but OpenSSH doesn't seem to actually *use* libskey for that, there
   is quite a lot of code in auth-skey.c that calls directly into some
   crypto functions, if I read the code correctly).

I did not yet try skey with ssh2 (no DSA keys on all my test machines, 
and so on).

> > Is anybody interested in getting this to work?  I think a portable way to
> > do OTPs is very important.
> May be worth porting the S/Key library in the OpenBSD tree. It's rather
> small, but it has a lot of dependancy from what it looks at.

This seems to have been done already :-)


USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at
fax: +49-89-35655025                        gert.doering at

More information about the openssh-unix-dev mailing list