S/Key solution
Ben Lindstrom
mouring at pconline.com
Fri Nov 10 11:00:12 EST 2000
On Fri, 10 Nov 2000, Gert Doering wrote:
> Hi,
>
> On Thu, Nov 09, 2000 at 10:30:28AM -0600, Ben Lindstrom wrote:
> > Moving back to skey_keyinfo() makes it work, *BUT* ignores the original
> > problem which is stated in the 1.1 check in comments by Markus:
> [..]
> > So I assume the solution should be doing something like:
> >
[..]
>
> Sounds fine to me, and should catch both problems.
>
<Weak smile> Someone hit me. The problem is not in auth-skey.c. It's
really in the fact that the return from skey_keyinfo() is not saved in
auth1.c. Below in the patch which correctly fixes it.
This same problem exists within the OpenBSD tree also.
BTW.. This only works with RSA keys. Is S/Key valid in the view of
protocl 2.0?
Gert, let me know if this fixes the problem. It does under Linux/i86.
--- ../openssh/auth1.c Sat Oct 14 00:23:11 2000
+++ auth1.c Thu Nov 9 18:47:20 2000
@@ -273,7 +273,7 @@
if (options.skey_authentication == 1) {
char *skeyinfo = NULL;
if (pw != NULL)
- skey_keyinfo(pw->pw_name);
+ skeyinfo = skey_keyinfo(pw->pw_name);
if (skeyinfo == NULL) {
debug("generating fake skeyinfo for %.100s.", luser);
skeyinfo = skey_fake_keyinfo(luser);
More information about the openssh-unix-dev
mailing list