Hi,

I've spent a lot of time digging the last couple days and seen some talk about how now with 3.7.1p1 the PAM challenge response requiring keyboard interactive on the client is "right" and no longer a kludge. I understand that. Unfortunately I've got a bunch of users whose client (www.ssh.com's client version 3.2.3) doesn't function without a kludged server.

The package from www.ssh.com comes with a Windows GUI based client and a "DOS" command line only client. The GUI client does support keyboard interactive and thus does work ok with PAM and 3.7.1p1 server but the "DOS" command line only client (ssh2.exe) does NOT. This stinks for me since it's the command line version I've got them all using in a DOS batch file. All it does is connect to the server and forward local port 139 in order to encrypt samba. Authentication is done with pam_smb PAM module.

Anyhow, I realize it's a client side problem but I'm writing to suggest an option be put into the next version of openssh to revert to the old "kludged" method of challenge response giving administrators the ability to maintain compatibility with broken and handicapped clients if they wish to do so.

As it stands I've been forced to revert to an older version of sshd and am going to have to get some firewall rules in place real soon now.

Thank you,
Tom Schaefer
UNIX Administrator
University of Missouri Saint Louis

I put openssh 3.7.1p1 on a server and

On Wed, 2003-09-24 at 09:17, Tom Schaefer wrote:
> Hi,
> [...]
> Anyhow, I realize it's a client side problem but I'm writing to suggest
> an option be put into the next version of openssh to revert to the old
> "kludged" method of challenge response giving administrators the
> ability to maintain compatibility with broken and handicapped
> clients if they wish to do so.

Yikes. I hear your pain, but it's almost like buying a new car with an option for a "recalled" feature that causes the brakes to fail intermittently, but otherwise things are "normal."

> As it stands I've been forced to revert to an older version of sshd
> and am going to have to get some firewall rules in place real soon
> now.

Any chance of using putty or some such thing, instead?? It doesn't seem to be b0rk3n.

--
Austin Gonyou <austin at coremetrics.com>
Coremetrics, Inc.

> Any chance of using putty or some such thing, instead?? It doesn't seem
> to be b0rk3n.

Well yes, that's what I ended up doing this week, converting all those MS Windows clients. But not to Putty, to Openssh! There is actually a MS Windows binary distribution of Openssh, complete with an installer, available at http://lexa.mckenna.edu/sshwindows/

Tom Schaefer