[lug] ssh question

Scott A. Herod herod at dimensional.com
Mon Jul 22 16:19:38 MDT 2002 

I think S/Key is a one-time-only password generation and sync. tool. 
Check http://www.ece.nwu.edu/CSEL/skey/skey_eecs.html

My guess would be that the target machine expects you to respond with an
S/Key password.

Scott

"D. Stimits" wrote:
> 
> J. Wayde Allen wrote:
> > I'm trying to log into a machine (running FreeBSD) by typing:
> >
> >    ssh targetmachine.domain.org
> >
> > my understanding is that this "should" connect me to the system using my
> > current username, and in any other case I've tried this seems to work
> > fine.  However, in this particular instance I get the following (recalled
> > from memory as close as possible):
> >
> >    wallen at localhost:~$ ssh targetmachine.domain.org
> >    opt-MD5 wallen98127
> >    S/Key Passord:
> >
> > I'd expect to be asked for a password, but typing in the password for my
> > account on the targetmachine doesn't work.  This just loops about four or
> > five times before giving up.
> 
> The S/Key makes me think your private key was set to require a pass.
> This is a password to the key itself, set as a requirement during the
> key creation. I have never used S/Key, so I'm not sure exactly which
> keys are involved; perhaps it is only your key, perhaps it involves a
> machine key. I would look very closely at how the key was generated, and
> find out if there was a password requirement built into it. If I'm right
> about this, and the remote machine would require a password for the
> personal account itself, you'll end up with two password prompts: first
> the key pass, then the machine pass. If it is designed to allow you to
> login without a password on the machine itself (key-only auth), then you
> will still see a password required to use your key, but not the machine
> account.
> 
> >
> > My feeling is that the system is asking for an authentication key that I
> > evidently don't have.  I've tried running ssh-keygen to create a key, but
> > that didn't change anything.  I've also tried forcing a regular password
> > login using:
> 
> Make sure that during the key generation that you told it to not require
> passwords.
> 
> D. Stimits, stimits @ idcomm.com
> 
> >
> >    ssh -o "ChallengeResponseAuthentication no" targetmachine
> >    ssh -o "PasswordAuthentication yes" targetmachine
> >    ssh -o "PreferredAuthentications password" targetmachine
> >    ssh -o "PubkeyAuthentication no" targetmachine
> >
> > None of these seems to change the kind of message I get back.  Any ideas
> > ...?
> >
> > - Wayde
> >   (wallen at lug.boulder.co.us)

More information about the LUG mailing list