Hello all, is there any recent information on programming on how to add a new authentication method into OpenSSH / OpenSSL ?! Is there any other way, to add a new authentication method into openssh (one-time passwords), apart from adding the functions into sshconnect.c and sshconnect2.c Particularly I'm interested in information on "struct Authctxt" in sshconnect2 and sshuserauth2. Thank You very much in advance. Greetings, N. Linde PS: Please CC to me directly, since I'm not subscribed to the list. -- --------------------------------------------------------------- Dipl.-Inf. N. Currle-Linde Linde at hlrs.de Allmandring 30 http://www.hlrs.de/people/linde 70550 Stuttgart Tel.: 0711 / 685 5801
one-time passwords are supported, see auth-bsdauth.c auth-skey.c for example. there is no need to change the client side software. the client uses kbd-interactive in ssh2 and the tis protocol messages in ssh1. -m On Wed, May 22, 2002 at 04:34:18PM +0200, Natalia Currle-Linde wrote:> Hello all, > is there any recent information on programming on how to add a new > authentication method into OpenSSH / OpenSSL ?! > > Is there any other way, to add a new authentication method into openssh > (one-time passwords), apart from adding the functions into sshconnect.c > and sshconnect2.c > > Particularly I'm interested in information on "struct Authctxt" in > sshconnect2 and sshuserauth2. > > Thank You very much in advance. > > Greetings, > N. Linde > > PS: Please CC to me directly, since I'm not subscribed to the list. > -- > --------------------------------------------------------------- > Dipl.-Inf. N. Currle-Linde Linde at hlrs.de > Allmandring 30 http://www.hlrs.de/people/linde > 70550 Stuttgart Tel.: 0711 / 685 5801 > _______________________________________________ > openssh-unix-dev at mindrot.org mailing list > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
On Wed, 22 May 2002, Natalia Currle-Linde wrote:> Hello all, > is there any recent information on programming on how to add a new > authentication method into OpenSSH / OpenSSL ?! > > Is there any other way, to add a new authentication method into openssh > (one-time passwords), apart from adding the functions into sshconnect.c > and sshconnect2.c- Probably the easiest way to accomplish this would be to write a PAM module. There are existing PAM modules for several different kinds of authentication methods. Try looking on sourceforge.net for some examples. - Booker C. Bense
On Thu, 2002-05-23 at 00:41, Booker C. Bense wrote:> On Wed, 22 May 2002, Natalia Currle-Linde wrote: > > > Hello all, > > is there any recent information on programming on how to add a new > > authentication method into OpenSSH / OpenSSL ?! > > > > Is there any other way, to add a new authentication method into openssh > > (one-time passwords), apart from adding the functions into sshconnect.c > > and sshconnect2.c > > - Probably the easiest way to accomplish this would be to write a > PAM module. There are existing PAM modules for several different > kinds of authentication methods. Try looking on sourceforge.net > for some examples.Yes, but you still need to hook PAM up to kbd-int properly. It is currently broken with privsep. I posted a patch about 3 weeks ago to make it work, but got no feedback. Since privsep is going to activate by default in future and (IMO) privsep is more important than PAM, people really should start testing this... -d