Date: Wed, 16 Jan 2002 18:05:08 -0500 From: Simon Heath <heath@hardy.mskcc.org> To: Josh Tiefenbach <josh@zipperup.org> Cc: Koji Hino <hino@ccrl.sj.nec.com>, stable@FreeBSD.ORG Subject: Re: 4.5-RC1: Why sshd require opie for SSH version 2? Message-ID: <20020116180508.A11693@hardy.mskcc.org> In-Reply-To: <20020116155436.A28166@zipperup.org>; from josh@zipperup.org on Wed, Jan 16, 2002 at 03:54:36PM -0500 References: <20020116.110509.05717273.hino@ccrl.sj.nec.com> <20020116155436.A28166@zipperup.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > After doing some tests, I found that connecting to this 4.5-RC1 box > > from other machine by OpenSSH (without RSA/DSA key, nor rhost*auth, > > assuming to use plain password to login), requires opie to login, > > though /etc/opiekeys, and /etc/skeykeys are both size 0. If I start > > openssh with flag '-1', which means to use OpenSSH version 1 protocol, > > it works fine: require plain password. I checked 4.4-RELEASE machine, > > and found that it works fine without '-1' flag, and even with '-2', it > > works. > > For what its worth, I (well, a friend) is seeing the same behavior. > > Client: OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f (on Sun IIRC) > Server: > FreeBSD khmer.jrt 4.4-STABLE FreeBSD 4.4-STABLE #4: Thu Dec 6 09:08:36 EST 2001 > OpenSSH_2.9 FreeBSD localisations 20011202, SSH protocols 1.5/2.0, > OpenSSL 0x0090601f > > Perhaps its an OpenSSH v3 thing? If I have some time tonite, I'll go compile > up v3 someplace and check it out. > As no one has mentioned this yet, editing /etc/ssh/sshd_config to uncomment the line: ChallengeResponseAuthentication no does the trick (i.e., stops the opie requests). I noticed this about a month ago, but I'm not sure when it started. Simon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116180508.A11693>