similar to: OPIE patch for current CVS

I just cobbled up a little patch to add support for OPIE to OpenSSH. Currently untested, but feedback is welcome. Wichert. -- _________________________________________________________________ / Nothing is fool-proof to a sufficiently talented fool \ | wichert at cistron.nl http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250

I see that you have s/key support in ssh, any plans to add opie support as well ? just asking ..

https://bugzilla.mindrot.org/show_bug.cgi?id=330 --- Comment #4 from Alessandro Soraruf <soraruf at ntd.homelinux.org> 2009-04-09 03:59:33 --- Created an attachment (id=1626) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1626) Patch to add support to OPIE -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because:

Hi, I'm having trouble getting an answer to the following problem on -questions - I hope someone here has done something similar and can help. I'd like to compile support for FreeBSD OPIE into sshd. Presently I have to use PAM to achieve one-time password support. On a 4.x system I have in /etc/ssh/sshd_config ChallengeResponseAuthentication yes and in /etc/pam.conf sshd auth

Hello folks, this looks about the only place I can find on issues dealing with the subject line. The message that got me posting is included below the line of *'s. Basically I've tried getting this working with Pam authentication and using the new login binary that comes with Opie 2.32. No joy. I am using RedHat 6.0 OpenSSH 2.3.0p1 Pam 0.66-18 I can get the opie challenge only on a

This is from the current CVS: % make ... In file included from config.h:629, from /home/mo/project/openssh_cvs/includes.h:20, from /home/mo/project/openssh_cvs/scp.c:77: /home/mo/project/openssh_cvs/defines.h:208: warning: redefinition of `clock_t' /usr/include/time.h:60: warning: `clock_t' previously declared here gcc -o scp scp.o -L.

Hallo all, Have a problem and while OPIE seems to be the solution, not sure it will work. The issue here is the only way I can access my remote box in single user mode is via telnetting to a termserv I have setup that connects to the FBSD servers serial port. Problem of course being that to log on to FBSD in single user mode I have to provide the root password in the clear. What I would like

Hi, I have a problem with the extern declarations of optarg, optind, etc. We're currently moving getopt from being a statically linked function to a dynamically linked function as part of the Cygwin DLL. On Windows, this requires to generate special symbols (__imp__optarg, etc.), which is done by marking the exported variables in the corresponding header. Instead of extern char *optarg;

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

Hi, Is there any way to use something like OPIE (one-time passwords in everything, S/KEY) with dovecot? Here's what I want to do ultimately: * have an AUTH=XYZ method that relies on S/KEY as provided by the libpam-opie module (well, maybe not through pam) * have dovecot advertise authentication as follows: - local : PLAIN, XYZ - remote (encrypted) : EXTERNAL, and

Hi, the SETGROUPS_NOOP define is used only for Cygwin. But it's also combined with the HAVE_SETGROUPS test in bsd-misc.c. So, since setgroups() exists and is functional in Cygwin, this is actually a noop in the more general sense. The below patch drops that entirely. Corinna Index: acconfig.h =================================================================== RCS file:

I experienced a problem compiling openssh_cvs with IRIX 6.5.11f. % cc -version MIPSpro Compilers: Version 7.3.1.2m % cc -n32 -mips3 -O2 -OPT:Olimit=0 ..... -c auth.c cc-1515 cc: ERROR File = auth.c, Line = 100 A value of type "int" cannot be assigned to an entity of type "char *". while ((cp = getusershell()) != NULL) ^ 1 error detected in the

Hi. I have a question related to freebsd opie implementation. I am running 4.9-RELEASE and I've tried to setup opie. *** 1 *** opiepasswd/opiekey I've added user using `opiepasswd -c "ssa"` mx2# opiepasswd -c "ssa" Adding ssa: Only use this method from the console; NEVER from remote. If you are using telnet, xterm, or a dial-in, type ^C now or exit with

Hi, I've sent that patch once already but it seems more or less forgotten in the tumultuous days of the latest vulnerability. It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined on platforms not supporting the concept of "privileged" ports only accessible by privileged users but which allow everyone to use these ports. This patch removes some Cygwin dependencies

Hi, did a search in the archives for "opie" and this is the most recent message on the topic I see: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=98536878202858&w=2 Nigel, would you mind sending me the source for the module you've extracted from that other distribution? Also, if anyone is interested in looking at other OPIE PAM modules, here are two more: Andy

Hi, attached is a patch which solves the following problem: Sometimes scp could hang in Cygwin when used as remote end using the -t option. This is due to a binmode/textmode problem which could be raised by the login shell which is used by the user and it's setting of textmode on stdin. The patch solves that problem by explicitly setting binmode on stdin. Besides solving the hanging

Hi, I have added calls to `check_ntsec()' to the code which checks for the ownership and modes of identity files and directories. As you might know, check_ntsec() tests if owner/modes are supported by the OS (9x/ME=no, NT/W2K=yes), the filesystem (FAT/FAT32=no, NTFS=yes) and the current Cygwin settings (ntea/ntsec). Corinna Index: auth-rhosts.c

Hi, the following patch is a (hopefully least intrusive) extension when sshd is started so that it daemonizes itself. In that case Windows 9x/Me has a slight problem with sshd as soon as the current user logs off. The sshd daemon will be killed as well. Since installing services is very different between NT and 9x, the way used for NT boxes isn't working well for 9x. For that reason

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

Hi, something that I'd like to see for the next major release is "build OpenSSH without installing zlib and openssl". That is, I have a source tree with the following subdirectories: .../src/zlib-1.1.3/ /openssl-0.9.6/ /openssh_cvs/ and want "configure", run from openssh_cvs, to be able to find the zlib and openssl trees in the directory