Revised OpenSSH Security Advisory (adv.iss)
Markus Friedl
markus at openbsd.org
Thu Jun 27 20:05:45 EST 2002
On Wed, Jun 26, 2002 at 04:54:56PM -0300, Andreas Hasenack wrote:
> Em Wed, Jun 26, 2002 at 12:39:50PM -0700, Steve VanDevender escreveu:
> > I think the announcement is fine the way it is. Having an explicit
> > "PAMAuthenticationViaKbdInt no" in sshd_config is a lot less ambiguous
> > than assuming it's disabled by default.
>
> All these authentication mechanisms can be confusing, since many can
> overlap. Just throw in challengeresponse, keyboard-interactive, password,
> kerberos (via ticket or password), S/Key (which is challengeresponse but
> can also be used via PAM) and so on.
>
> Is there another document besides the man page sshd_config(5)
> which explains all the available mechanisms in more detail? Or "just" the
> RFC/protocol/standard/whatever description?
keyboard-interactive is just a mechanism.
and if you run PAM over keyboard-interactive you can do all auth
methods that PAM allows (with some restrictions).
so if PAM allows passwd or skey, then you can do s/key over pam
over kbdint.
but no, there is no detailed documentation, it depends on many
things...
More information about the openssh-unix-dev
mailing list