problem with pam_converse with openssh protocol version 1
Frank Cusack
fcusack at fcusack.com
Wed Jun 22 18:22:53 EST 2005
On June 22, 2005 10:49:14 AM +1000 Darren Tucker <dtucker at zip.com.au> wrote:
> Frank Cusack wrote:
> [about hacking SSHv1 TIS auth for multiple challenges]
>> Actually, what I did was to allow any number of challenge messages.
>> So a failure message is indeed a failure. I collected all the prompts
>> in the conversation function and sent them one at a time as individual
>> challenges to the client.
>
> I don't think that's guaranteed to work with a compliant SSHv1 client.
You're right, it won't.
> If they're going to have to modify clients they may as well deploy a v2 client which can support
> it properly.
Oops, I overlooked the [stated] problem of deploying new clients.
I guess your suggestion of sending failures might work, even though (as you say) it is ugly.
Frank
More information about the openssh-unix-dev
mailing list