[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

ssh & opie



Jan,

  First, thanks for maintaing the ssh rpms. They've come in handy many
times. As you may know even with PAM support ssh only supports "password"
authentication as the protocol lacks a conversation or pluggability
feature. For a long time people, myself included, have wanted to use ssh
with some time of one time password system such as S/KEY or OPIE. OPIE is
already supported via a PAM module but the ssh PAM patch simply ignores
the PAM_TEXT_INFO message with the challenge information. If you change
the line in the patch that constains "/* ignore it... */" to
"packet_send_debug(msg[count]->msg);" its possible to use ssh, pam and
opie together.

  After compiling the server and configuring the opie pam module all the
client has to do is be run like:

"ssh -v -o "NumberOfPasswordPrompts 2" <hostname>"

  The user will need to enter a dummy password, then the challenge will be
displayed by the client in the debug messages, and he can enter the
responce the second time the client prompts it for a password.

  Its not pretty but it works. Now if only this free windows ssh client
would display debugin information...

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []