On Tue, Feb 27, 2007 at 05:38:37PM -0500, Josh Grosse wrote:
> After building -current on Feb 25, I noticed when I attempted to use S/Key
> remotely, that it was not a permitted authentication style. (I use S/Key
> when publc key authentication is not available, so it may have nothing to do
> with recent changes to how sshd_config Match works, and may be something else
> entirely, I have not used S/Key in a few weeks.)
I had a quick look at it and it appears to be due to the Match changes
interacting with this code in auth2.c:do_authentication2():
/* challenge-response is implemented via keyboard interactive */
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
It works if you set "KbdInteractiveAuthentication yes" in sshd_config
(and I suggest this as a workaround) rather than relying on
ChallengeResponseAuthentication.
I'll do a patch later today.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
