problems with -R

Ben Lindstrom mouring at etoh.eviladmin.org
Wed Nov 6 15:25:47 EST 2002


On Tue, 5 Nov 2002, Ed Peschko wrote:

> On Tue, Nov 05, 2002 at 06:24:18PM -0800, Tim Rice wrote:
> > On Tue, 5 Nov 2002, Ed Peschko wrote:
> >
> > > ok, more about the password item... I'm still in the thick of it (looking at
> > > deja and trying various solutions), but is it messy.
> > >
> > > IMO, ssh should *not* be this difficult; users/passwords from /etc/passwd
> > > should be automatically enabled to connect without going through hoops like
> > > this. In short:
> > >
> > > 	a) if a system uses md5 passwords, configure should *auto-detect* it,
> >
> > Care to provide a patch that does this without root permissions?
>
> yes, you could do this fairly straightforward - you know that x distribution/
> unix-variant has md5 passwords enabled by default, so you make a list. If you
> see that os variant in that list, you enable the md5-password flag for the user.
> If not, you don't. Won't work about 1 time out of 100, but in that case, you
> give explicit flags. You also give a message in the configure that says you are
> doing this.
>
Until such time as that distro changes from MD5 to something else.  Then
you end up with having to say version 2.x and below are XX encryption,
version 5.x and below is TT encryption, etc.

BAD for configuration scripts.

BTW, if your OS uses MD5, the chances you are running FreeBSD or Linux
are high.  And all but one Linux uses PAM.  You should be compiling for
PAM so that system can handle it.

> Anyways, I gave up on the whole password authentication thing and made a
> passkey. I don't think I should have had to do that..
>

I've never had a problem.  I've stepped people through configuring their
OS for the right password authentication method.  And went on with life.
Again, unless you're doing something weird, it is not that complex.

- Ben




More information about the openssh-unix-dev mailing list