Cleartext pre-authentication before going to secure mode.

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Wed Sep 13 19:45:59 EST 2000


On Wed, Sep 13, 2000 at 11:17:11AM +0300, Tomi Ollila wrote:
> Tuesday Sep 12 15:54:52 +0200 2000 Markus Friedl <markus at openbsd.org> wrote:
> 
> > i don't understand completely what you want, but shouldn't this work
> > with ssh's proxy option?
> 
> Hmm, it took me a while to understand this ProxyCommand option... in my
> case I should write a program that works like a modem dialler script --
> when it receives `User:' and 'PASSCODE' -strings, it would automatically
> output that info. Progress information could be outputted to terminal using
> fd 2 ?

you can print out info to stderr and read the passcode from /dev/tty

> The proxycommand is a program that has to stay between the network and
> ssh all the time (and disallows ssh to use `getpeername()' to verify the
> other end?).

> When passing through FW-1 authenticated Telnet server, 2 things have to be
> handled: 1) that server requires that the client that connects to it
> answers the telnet negotiation commands that it sends -- otherwise after
> connection is made to the end host, no data is passed to it. 2) That telnet
> server always sends those telnet negotiation commands to the end host after 
> connection -- so if no pre-cleaning of the connection is made, when trying
> to send ssh identification string, the end host receives the following
> stream (telnet negotiation codes "prettyprinted")
> 
> IAC DO ECHO 
> IAC DO SUPPRESS GO AHEAD 
> SSH-1.5-OpenSSH_2.1.1
> 
> 
> That's why I requested that I'd like to see sshd ignore some possible
> garbage until it looks like it is receiving an ssh identification string
> (in my programs I am checking that SSH- has arrived).

i think this is possible.
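
The pre-cleaning discussed in this message, as an added example that is not part of the original e-mail or of OpenSSH: a filter a ProxyCommand helper could apply to bytes read from the network, answering telnet negotiation and skipping anything before the `SSH-` identification line. The function names are hypothetical, and refusing every option (WONT/DONT) is an assumption about what the telnet server will accept as an answer.

```python
# Added example: telnet command codes from RFC 854; the sample stream is constructed.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240

def filter_telnet(data: bytes):
    """Return (payload, replies, rest) for one chunk read from the network.

    payload: bytes with telnet commands removed
    replies: refusals to write back (DO x -> WONT x, WILL x -> DONT x)
    rest:    an incomplete trailing command, to prepend to the next chunk
    """
    payload, replies = bytearray(), bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            payload.append(data[i])
            i += 1
            continue
        if i + 1 >= n:
            break                                  # lone IAC at end of chunk
        cmd = data[i + 1]
        if cmd == IAC:                             # escaped 0xFF data byte
            payload.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            if i + 2 >= n:
                break                              # option byte not here yet
            if cmd in (DO, WILL):                  # refuse every option
                replies += bytes([IAC, WONT if cmd == DO else DONT, data[i + 2]])
            i += 3
        elif cmd == SB:                            # skip subnegotiation block
            end = data.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            i = end + 2
        else:
            i += 2                                 # other two-byte command
    return bytes(payload), bytes(replies), data[i:]

def find_ssh_ident(payload: bytes, max_garbage: int = 1024):
    """Return the first line starting with 'SSH-', or None if not complete yet."""
    pos = 0
    while (nl := payload.find(b"\n", pos)) >= 0:
        line = payload[pos:nl].rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return line.decode("ascii", "replace")
        pos = nl + 1
        if pos > max_garbage:                      # bound the skipped garbage
            raise ValueError("too much data before SSH identification string")
    return None

# Constructed sample: the stream quoted above as raw bytes (ECHO=1, SUPPRESS GO AHEAD=3).
SAMPLE = bytes([IAC, DO, 1, IAC, DO, 3]) + b"SSH-1.5-OpenSSH_2.1.1\n"
```

The `max_garbage` bound keeps a peer from feeding unlimited data ahead of the identification string; 1024 is an arbitrary value chosen for this example.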





More information about the openssh-unix-dev mailing list