Date: Thu, 17 Jan 2002 15:49:35 +0100 From: Stijn Hoop <stijn@win.tue.nl> To: Neil Blakey-Milner <nbm@mithrandr.moria.org> Cc: qa@freebsd.org Subject: Re: s/key! Message-ID: <20020117154935.G76860@pcwin002.win.tue.nl> In-Reply-To: <20020117163652.B39578@mithrandr.moria.org>; from nbm@mithrandr.moria.org on Thu, Jan 17, 2002 at 04:36:52PM %2B0200 References: <E16RCwQ-0008cn-00@rip.psg.com> <20020117145818.F76860@pcwin002.win.tue.nl> <20020117163652.B39578@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--ALfTUftag+2gvp1h Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jan 17, 2002 at 04:36:52PM +0200, Neil Blakey-Milner wrote: > On Thu 2002-01-17 (14:58), Stijn Hoop wrote: > > On Thu, Jan 17, 2002 at 05:50:54AM -0800, Randy Bush wrote: > > > i have never done anything wish s/key on either host. why am i getti= ng > > > this? (both quite recent -stable) > > >=20 > > > ns0.psg.com:/usr/local/src/distfiles# rsy randy@rip.psg.com:bind-9.2.= 0.tar.gz . > > > otp-md5 3 ri5788 ext > > > S/Key Password:=20 > >=20 > > This has bitten me before as well. Recent -STABLE turns S/Key on by > > default in /etc/ssh/sshd_config. Uncomment the line: > >=20 > > # ChallengeResponseAuthentication no > >=20 > > to disable S/Key again. >=20 > That's going to be particularly irritating. Is there any way for sshd > to properly detect the necessity of S/Key? If not, should it perhaps > not be enabled by default? I'm still looking for the option that lowers the priority of S/Key. I think that POLA would be to use public-key first, then password, then s/key. I haven't looked hard though... --Stijn --=20 "...I like logs. They give me a warm fuzzy feeling. I've been known to keep logs for 30 months at a time (generally when I thought I was rotating them daily, but was actually rotating them once a month)." -- Michael Lucas, in Big Scary Daemons article 'Controlling Bandwidth' --ALfTUftag+2gvp1h Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8RuR/Y3r/tLQmfWcRAn51AJ4hcJVZln4QK0RJ+LGTXMs+SQRWNQCeKqz2 WgK7zQuCXnThcW1/YiGBeRE= =0JPD -----END PGP SIGNATURE----- --ALfTUftag+2gvp1h-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-qa" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020117154935.G76860>