[lug] ssh question
John E. Koontz
koontz at boulder.nist.gov
Tue Jul 23 18:48:15 MDT 2002
At 09:09 AM 7/23/2002 -0600, Wayde wrote:
> > What do you see with the -v parameter?
>
>About a solid screen full of banter between the two computers. The
>connection gets made, the two machines seem to be able to validate that
>they are who they say they are, etc. This all looks good. Then the
>S/Key authentication starts.

This banter is usually good stuff (if verbose), when debugging ssh problems.

I've checked Barrett & Silverman's ORA ssh book. S/Key is a one-time
password scheme implemented only in OpenSSH
(http://www.ietf.cnri.reston.va.us/html.charters/otp-charter.html).

To keep the OpenSSH server (sshd) from supporting S/KEY use this keyword:

    SkeyAuthentication no

See also
http://www.openbsd.org/cgi-bin/man.cgi?query=skey&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

With contemporary ssh2 authentication, it appears that if S/KEY is turned
on, you tend to get it by default. It may be that the
AllowedAuthentications and RequiredAuthentications (subset of former) don't
include password, which I think was what you wanted.

John E. Koontz
303-497-5180
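
Added example, not part of the original message: a filter that reads saved `ssh -v` output and tells apart the two situations discussed above, a challenge-response method being tried ahead of password versus password not being offered by the server at all. The sample lines are constructed, the debug wording is that of current OpenSSH clients, and treating `keyboard-interactive` as the method that carries S/Key challenges is an assumption.

```shell
#!/bin/sh
# Constructed `ssh -v` excerpts (not from the thread). Line wording follows
# what current OpenSSH clients print; older clients may word it differently.
SAMPLE_KBD_FIRST='debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password'

SAMPLE_NO_PASSWORD='debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive'

# Methods the client attempted, in order, comma-separated.
tried_methods() {
    awk '/^debug1: Next authentication method: / {
             out = (out == "" ? "" : out ",") $NF
         }
         END { print out }'
}

# Classify why a password prompt did or did not appear.
password_verdict() {
    awk '
    /^debug1: Authentications that can continue: / { offered = "," $NF "," }
    /^debug1: Next authentication method: / {
        n++; m = $NF
        if (!(m in first)) first[m] = n   # remember the first attempt only
    }
    END {
        pw = first["password"]; kbd = first["keyboard-interactive"]
        if (offered == "")                          print "no-negotiation-seen"
        else if (index(offered, ",password,") == 0) print "password-not-offered"
        else if (kbd && (!pw || kbd < pw))          print "keyboard-interactive-before-password"
        else if (pw)                                print "password-tried"
        else                                        print "password-offered-not-tried"
    }'
}

# Real use: ssh -v user@host 2>ssh-debug.log, then password_verdict <ssh-debug.log
printf 'tried:  %s\n' "$(printf '%s\n' "$SAMPLE_KBD_FIRST" | tried_methods)"
printf 'case 1: %s\n' "$(printf '%s\n' "$SAMPLE_KBD_FIRST" | password_verdict)"
printf 'case 2: %s\n' "$(printf '%s\n' "$SAMPLE_NO_PASSWORD" | password_verdict)"
```

A `password-not-offered` verdict points at the server's allowed-methods configuration; `keyboard-interactive-before-password` points at method ordering, which is where disabling S/Key on the server takes effect.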