user:style

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Tue Apr 3 21:39:05 EST 2001


user:style is used for BSD_AUTH authentication.

e.g.
	ssh -l user:skey host

but its usage is currently not consistent.

in ssh v2 you can use keyboardinteractive+devices, e.g.
device={secureid,cryptocard,skey}.

however in ssh v1 there is no 'device' string in the challenge
response packets, so user:submethod is 'abused' in a way
similar to BSD_AUTH as used in BSD/OS.

all this is not very consistent, it's just experimental.

-m

On Tue, Apr 03, 2001 at 07:58:02PM +0900, Tom Holroyd wrote:
> I noticed that (perhaps because ':' is invalid in a username) you can
> say ssh -l user:style host, where the "user:style" is sent by the client,
> and the server strips the ":style" part off and makes it available as
> part of the authentication context.  It's currently unused.
> 
> What are the plans for this, if any?  I was experimenting with the idea of
> using it with SRP to have several "names" that are allowed to log in as
> root, by using
> 	ssh -l root:name
> where the $HOME/.ssh/verifier file is searched for "name" (as opposed to
> the more usual "root").  Thus root:joe and root:fred both work, are
> administered by root (since the file lives in ~root/.ssh), and I can fire
> fred without having to change the passphrase for joe.  There are several
> problems with this idea, not the least of which is that if anybody except
> root uses it, it allows at least group access to a verifier, which is bad
> juju.
> 
> Besides that, I noticed that just stripping it off the way it's currently
> done in auth2.c means one has to tack it back on later if you actually use
> the full name for something (which SRP needs to do).  It would be better
> to make a copy of the string sent by the client, and nuke the ':' in that,
> so as to make both styled and unstyled versions available in the
> authentication context.  But this is really only an issue if anybody's
> going to actually use it for anything.
> 
> Dr. Tom Holroyd
> "I am, as I said, inspired by the biological phenomena in which
> chemical forces are used in repetitious fashion to produce all
> kinds of weird effects (one of which is the author)."
> 	-- Richard Feynman, _There's Plenty of Room at the Bottom_
> 
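
An added example, not part of the original messages and not OpenSSH's code: one way to keep both the styled and unstyled names available, as the quoted message suggests, by cutting a private copy at the first ':' and leaving the string the client sent untouched. The struct and function names are hypothetical, and rejecting an empty user or an empty style is a choice made in this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct login_name {
    char *full;   /* exactly what the client sent, e.g. "root:joe" */
    char *user;   /* private copy, cut at the first ':' */
    char *style;  /* points into user's buffer; NULL if no ':' was sent */
};

static char *copy_str(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

void login_name_free(struct login_name *ln)
{
    free(ln->full);
    free(ln->user);               /* style lives inside this buffer */
    memset(ln, 0, sizeof(*ln));
}

/* Returns 0 on success; -1 on empty user, empty style or allocation
 * failure (rejecting empty parts is this example's assumption). */
int login_name_parse(const char *sent, struct login_name *out)
{
    memset(out, 0, sizeof(*out));
    out->full = copy_str(sent);
    out->user = copy_str(sent);
    if (out->full != NULL && out->user != NULL) {
        out->style = strchr(out->user, ':');
        if (out->style != NULL)
            *out->style++ = '\0';         /* cut only the private copy */
        if (*out->user != '\0' && (out->style == NULL || *out->style != '\0'))
            return 0;
    }
    login_name_free(out);
    return -1;
}

int main(void)
{
    struct login_name ln;
    if (login_name_parse("root:joe", &ln) == 0)   /* constructed input */
        printf("%s -> user=%s style=%s\n", ln.full, ln.user, ln.style);
    login_name_free(&ln);
    return 0;
}
```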



More information about the openssh-unix-dev mailing list