user:style
Markus Friedl
Markus.Friedl at informatik.uni-erlangen.de
Tue Apr 3 21:39:05 EST 2001
user:style is used for BSD_AUTH authentication.
e.g.
ssh -l user:skey host
but its usage is currently not consistent.
in ssh v2 you can use keyboardinteractive+devices, e.g.
device={secureid,cryptocard,skey}.
however in ssh v1 there is no 'device' string in the challenge
response packets, so user:submethod is 'abused' in a way
similar to BSD_AUTH as used in BSD/OS.
all this is not very consistent, it's just experimental.
-m
On Tue, Apr 03, 2001 at 07:58:02PM +0900, Tom Holroyd wrote:
> I noticed that (perhaps because ':' is invalid in a username) you can
> say ssh -l user:style host, where the "user:style" is sent by the client,
> and the server strips the ":style" part off and makes it available as
> part of the authentication context. It's currently unused.
>
> What are the plans for this, if any? I was experimenting with the idea of
> using it with SRP to have several "names" that are allowed to log in as
> root, by using
> ssh -l root:name
> where the $HOME/.ssh/verifier file is searched for "name" (as opposed to
> the more usual "root"). Thus root:joe and root:fred both work, are
> administered by root (since the file lives in ~root/.ssh), and I can fire
> fred without having to change the passphrase for joe. There are several
> problems with this idea, not the least of which is that if anybody except
> root uses it, it allows at least group access to a verifier, which is bad
> juju.
>
> Besides that, I noticed that just stripping it off the way it's currently
> done in auth2.c means one has to tack it back on later if you actually use
> the full name for something (which SRP needs to do). It would be better
> to make a copy of the string sent by the client, and nuke the ':' in that,
> so as to make both styled and unstyled versions available in the
> authentication context. But this is really only an issue if anybody's
> going to actually use it for anything.
>
> Dr. Tom Holroyd
> "I am, as I said, inspired by the biological phenomena in which
> chemical forces are used in repetitious fashion to produce all
> kinds of weird effects (one of which is the author)."
> -- Richard Feynman, _There's Plenty of Room at the Bottom_
>
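Added example (not part of the original thread and not OpenSSH code): a C illustration of the copy-then-split approach suggested in the quoted message, so that both the styled name ("root:joe") and the unstyled parts stay available in the authentication context. The struct, the function names, the `LOGIN_MAX` bound and the choice to reject empty user or style parts are all assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

#define LOGIN_MAX 256   /* assumed cap on the client-supplied name */

/* Hypothetical context: names are illustrative, not OpenSSH's own. */
struct login_ctx {
    char *full;    /* name exactly as sent, e.g. "root:joe" */
    char *user;    /* private copy cut at the ':', e.g. "root" */
    char *style;   /* points into user's buffer, or NULL if no ':' */
};

void login_ctx_free(struct login_ctx *ctx)
{
    free(ctx->full);
    free(ctx->user);           /* style aliases user's buffer */
    memset(ctx, 0, sizeof(*ctx));
}

/* Returns 0 on success, -1 on rejected input or allocation failure. */
int login_ctx_parse(struct login_ctx *ctx, const char *sent)
{
    size_t n;
    char *colon;

    memset(ctx, 0, sizeof(*ctx));
    if (sent == NULL || (n = strlen(sent)) == 0 || n >= LOGIN_MAX)
        return -1;
    ctx->full = malloc(n + 1);
    ctx->user = malloc(n + 1);
    if (ctx->full == NULL || ctx->user == NULL) {
        login_ctx_free(ctx);
        return -1;
    }
    memcpy(ctx->full, sent, n + 1);
    memcpy(ctx->user, sent, n + 1);

    /* Split only the copy, at the first ':'; full stays untouched. */
    if ((colon = strchr(ctx->user, ':')) != NULL) {
        *colon = '\0';
        ctx->style = colon + 1;
    }
    /* Policy assumed here: refuse ":skey" and "root:" outright. */
    if (ctx->user[0] == '\0' || (ctx->style && ctx->style[0] == '\0')) {
        login_ctx_free(ctx);
        return -1;
    }
    return 0;
}
```

Because `full` is never modified, code that needs the complete "user:style" string does not have to reassemble it, and account lookups can use `user` without seeing the style suffix.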