From owner-freebsd-stable Wed Jan 16 15: 5:31 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from hardy.mskcc.org (hardy.mskcc.org [140.163.115.228])
	by hub.freebsd.org (Postfix) with ESMTP id A77C737B417;
	Wed, 16 Jan 2002 15:05:27 -0800 (PST)
Received: (from heath@localhost)
	by hardy.mskcc.org (8.9.3/8.9.3) id SAA11706;
	Wed, 16 Jan 2002 18:05:08 -0500
Date: Wed, 16 Jan 2002 18:05:08 -0500
From: Simon Heath
To: Josh Tiefenbach
Cc: Koji Hino, stable@FreeBSD.ORG
Subject: Re: 4.5-RC1: Why sshd require opie for SSH version 2?
Message-ID: <20020116180508.A11693@hardy.mskcc.org>
References: <20020116.110509.05717273.hino@ccrl.sj.nec.com> <20020116155436.A28166@zipperup.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020116155436.A28166@zipperup.org>; from josh@zipperup.org on Wed, Jan 16, 2002 at 03:54:36PM -0500
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > After doing some tests, I found that connecting to this 4.5-RC1 box
> > from another machine by OpenSSH (without RSA/DSA key, nor rhost*auth,
> > assuming to use plain password to log in), requires opie to log in,
> > though /etc/opiekeys, and /etc/skeykeys are both size 0. If I start
> > openssh with flag '-1', which means to use OpenSSH version 1 protocol,
> > it works fine: requires plain password. I checked a 4.4-RELEASE machine,
> > and found that it works fine without the '-1' flag, and even with '-2', it
> > works.
>
> For what it's worth, I (well, a friend) is seeing the same behavior.
>
> Client: OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090601f (on Sun IIRC)
> Server:
> FreeBSD khmer.jrt 4.4-STABLE FreeBSD 4.4-STABLE #4: Thu Dec 6 09:08:36 EST 2001
> OpenSSH_2.9 FreeBSD localisations 20011202, SSH protocols 1.5/2.0,
> OpenSSL 0x0090601f
>
> Perhaps it's an OpenSSH v3 thing? If I have some time tonight, I'll go compile
> up v3 someplace and check it out.
>

As no one has mentioned this yet, editing /etc/ssh/sshd_config to uncomment
the line:

ChallengeResponseAuthentication no

does the trick (i.e., stops the opie requests). I noticed this about a month
ago, but I'm not sure when it started.

Simon
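
A way to check which value sshd will actually pick up from a config file after the edit described above. This is an added example, not part of the original message or of FreeBSD/OpenSSH; the function names `effective_cra` and `cra_disabled` are hypothetical. It assumes the first uncommented occurrence of a keyword wins, keywords are case-insensitive, and that a commented-out or missing line leaves the built-in default in force, which the thread's behaviour indicates is "enabled".

```shell
#!/bin/sh
# Added example: report the effective ChallengeResponseAuthentication
# setting in an sshd_config-style file.

effective_cra() {
    # $1: path to the config file.
    # Prints "yes" or "no" when set explicitly, "default" when the
    # keyword is absent or only present in a comment.
    awk '
        BEGIN { FS = "[ \t=]+" }          # "Keyword value" or "Keyword=value"
        { sub(/^[ \t]+/, "") }            # drop leading whitespace (re-splits fields)
        /^#/ || /^$/ { next }             # comments and blank lines do not count
        tolower($1) == "challengeresponseauthentication" {
            print tolower($2); found = 1; exit   # first occurrence wins
        }
        END { if (!found) print "default" }
    ' "$1"
}

cra_disabled() {
    # Exit status 0 only when challenge-response is explicitly switched off.
    [ "$(effective_cra "$1")" = "no" ]
}

# Constructed sample files: the line still commented out, then uncommented.
tmp=$(mktemp -d)
printf '%s\n' '#ChallengeResponseAuthentication no' > "$tmp/before"
printf '%s\n' 'ChallengeResponseAuthentication no'  > "$tmp/after"
for f in before after; do
    echo "$f: $(effective_cra "$tmp/$f")"
done
rm -rf "$tmp"
```

Run `cra_disabled /etc/ssh/sshd_config` after editing and before restarting sshd; a non-zero status means the line is still commented out or overridden by an earlier entry.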