bugzilla-daemon at mindrot.org
2003-May-30 03:37 UTC
[Bug 580] disable kbdint if host key mismatch
http://bugzilla.mindrot.org/show_bug.cgi?id=580
Summary: disable kbdint if host key mismatch
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: fcusack at fcusack.com
currently, password auth is disabled if the host key mismatches.
kbdint auth should probably also be disabled.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-May-30 03:39 UTC
[Bug 580] disable kbdint if host key mismatch
http://bugzilla.mindrot.org/show_bug.cgi?id=580 ------- Additional Comments From fcusack at fcusack.com 2003-05-30 13:39 ------- Created an attachment (id=314) --> (http://bugzilla.mindrot.org/attachment.cgi?id=314&action=view) disable kbdint on host key mismatch I had to move the "c/r auth sets kbdint auth" to before the call to check_host_key(). It might be better in readconf() but this was simpler, and other options are check post-readconf() as well anyway. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-May-30 03:43 UTC
[Bug 580] disable kbdint if host key mismatch
http://bugzilla.mindrot.org/show_bug.cgi?id=580 ------- Additional Comments From fcusack at fcusack.com 2003-05-30 13:43 ------- My patch just arbitrarily disables kbdint. An improvement would be to #ifdef PAM around the disable bits, since kbdint is safe without PAM (kbdint is used for internal challenge response methods). Unfortunately, with PAM you can't tell if it's safe to use or not, so to be on the safe side it should be disabled. An option could be added to control this, but I think that's unwise (too many options). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-May-30 03:47 UTC
[Bug 580] disable kbdint if host key mismatch
http://bugzilla.mindrot.org/show_bug.cgi?id=580
fcusack at fcusack.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #314 is|0 |1
obsolete| |
------- Additional Comments From fcusack at fcusack.com 2003-05-30 13:47
-------
Created an attachment (id=315)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=315&action=view)
disable kbdint on host key mismatch
oops, left in an extra line from my testing. here's an update
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Jun-04 08:24 UTC
[Bug 580] disable kbdint if host key mismatch
http://bugzilla.mindrot.org/show_bug.cgi?id=580
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From djm at mindrot.org 2003-06-04 18:24 -------
similar patch applied, thanks.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.