[Bug 1922] New: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun Jul 31 06:18:23 EST 2011


             Bug #: 1922
           Summary: Disabling ChallengeResponseAuthentication also
                    disables KbdInteractiveAuthentication
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.8p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: maxb at f2s.com

I was chasing some unexpected behaviour from OpenSSH, and have come
across an oddity in the source code which feels like a bug.

In auth2-kbdint.c, the Authmethod struct declares
options.kbd_interactive_authentication as the enabled flag for this
method. However in the implementation function a few lines above, it
checks options.challenge_response_authentication to decide whether to
actually proceed with the authentication.

This results in the behaviour of "ChallengeResponseAuthentication no"
also disabling keyboard-interactive authentication, even if
"KbdInteractiveAuthentication yes" is specified.

(Also, the KbdInteractiveAuthentication option isn't explicitly
documented in the manpages, so I'm unsure if it's actually intended to
be used or not.)

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list