[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-bugs
Subject: user/1844: skey authentication for ssh 2.9 fails with hashes other than md5
From: jbenninghoff () mn ! rr ! com
Date: 2001-05-30 20:30:18
[Download RAW message or body]
>Number: 1844
>Category: user
>Synopsis: skey authentication for ssh 2.9 fails for hashes other than md5
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bugs
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed May 30 14:40:02 MDT 2001
>Last-Modified:
>Originator: John Benninghoff
>Organization:
net
>Release: OPENBSD_2_9
>Environment:
System : OpenBSD 2.9
Architecture: OpenBSD.i386
Machine : i386
>Description:
One-Time-Passwords generated with a hash other than md5 (the default)
do not work with ssh ChallengeResponseAuthentication. Passwords generated with
the md5 hash work fine.
>How-To-Repeat:
$ skeyinit -sha1
Password (or `s/key'): password
[Adding shadow]
Reminder - Only use this method if you are directly connected
or have an encrypted channel. If you are using telnet
or rlogin, exit with no password and use skeyinit -s.
Enter secret password: secret password
Again secret password: secret password
ID shadow skey is otp-sha1 99 doby22482
Next login password: SUB GAP GASH BURN SARA GOT
$ skey `skeyinfo`
Reminder - Do not use this program while logged in via telnet or rlogin.
Enter secret password: secret password
JUNE CITE MAP SING TOOT VOTE
$ ssh doby
shadow@doby's password:
Permission denied, please try again.
shadow@doby's password:
Permission denied, please try again.
shadow@doby's password:
otp-sha1 98 doby22482
S/Key Password: JUNE CITE MAP SING TOOT VOTE
otp-sha1 98 doby22482
S/Key Password: JUNE CITE MAP SING TOOT VOTE
otp-sha1 98 doby22482
S/Key Password: ^C
>Fix:
No idea how to fix.
Workaround: only use skeyinit -md5
>Audit-Trail:
>Unformatted:
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic