Date:      Fri, 30 Nov 2001 22:03:52 -0800
From:      Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
To:        "H. Wade Minter" <minter@lunenburg.org>
Cc:        "f.johan.beisser" <jan@caustic.org>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: OPIE and ssh
Message-ID:  <15368.29384.520956.692867@horsey.gshapiro.net>
In-Reply-To: <20011130220948.T36907-100000@bunning.skiltech.com>
References:  <15367.51556.94034.892901@horsey.gshapiro.net> <20011130220948.T36907-100000@bunning.skiltech.com>


minter> Is there anything else that needs to be done?  I've been interested in
minter> playing around with S/Key or OPIE, but when I tried those steps, I still
minter> get a normal password prompt when I SSH in:

minter> bash-2.04$ slogin kenbridge
minter> minter@kenbridge's password:

No, that's all I recall doing.  Just to clarify my steps:

These are done on the server (where you are ssh'ing to)

>> cd /etc
>> rm skeykeys
>> ln -s opiekeys skeykeys
>> keyinit gshapiro

These are done on the client (where you are ssh'ing from):

>> My ~/.ssh/config contains (among other things):
>> 
>> # Defaults
>> Host *
>> StrictHostKeyChecking	yes

Also, newer versions of the ssh client let you specify the order of the
mechanisms:

     PreferredAuthentications
             Specifies the order in which the client should try protocol 2
             authentication methods. This allows a client to prefer one method
             (e.g.  keyboard-interactive) over another method (e.g.  password)
             The default for this option is: ``publickey, password,
             keyboard-interactive''

keyboard-interactive is the S/Key method.  You may want to change your
order to publickey,keyboard-interactive,password.
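
The following shell functions are an added example, not part of the original message: they take the method list a server advertises in `ssh -v` debug output and a client `PreferredAuthentications` order, and report which prompt the user meets first. The debug lines are constructed sample data, the function names are hypothetical, and publickey is assumed not to succeed.

```shell
#!/bin/sh
# Constructed sample of `ssh -v` debug output (not taken from the thread).
SAMPLE_DEBUG='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey'

# Read ssh debug output on stdin and print the comma-separated list of
# methods the server offered (first matching line only).
offered_methods() {
    sed -n 's/^debug1: [Aa]uthentications that can continue: *//p' | head -n 1
}

# first_prompt ORDER OFFERED
# Walk the client's PreferredAuthentications ORDER and print the first
# method the server also OFFERED. publickey is skipped on the assumption
# that no key is accepted, so the result is the prompt the user sees.
# Returns 1 if no interactive method is common to both lists.
first_prompt() {
    # Accept the man-page style "a, b, c" as well as "a,b,c".
    order=$(printf '%s' "$1" | tr -d ' \t')
    offered=$(printf '%s' "$2" | tr -d ' \t')
    old_ifs=$IFS
    IFS=,
    for m in $order; do
        [ "$m" = publickey ] && continue
        case ",$offered," in
            *",$m,"*) IFS=$old_ifs; echo "$m"; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Compare the default order quoted above with the suggested one.
offered=$(printf '%s\n' "$SAMPLE_DEBUG" | offered_methods)
for order in 'publickey, password, keyboard-interactive' \
             'publickey,keyboard-interactive,password'; do
    printf '%-42s -> %s\n' "$order" "$(first_prompt "$order" "$offered")"
done
```

With the default order the first prompt is `password`, which matches the behaviour reported in the quoted question; with the reordered list it is `keyboard-interactive`.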
