Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 580] disable kbdint if host key mismatch
bugzilla-daemon at mindrot
May 29, 2003, 7:37 PM
Post #1 of 5 (1770 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=580

Summary: disable kbdint if host key mismatch
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: fcusack@fcusack.com


currently, password auth is disabled if the host key mismatches.
kbdint auth should probably also be disabled.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 580] disable kbdint if host key mismatch [ In reply to ]
bugzilla-daemon at mindrot
May 29, 2003, 7:39 PM
Post #2 of 5 (1725 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=580





------- Additional Comments From fcusack@fcusack.com 2003-05-30 13:39 -------
Created an attachment (id=314)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=314&action=view)
disable kbdint on host key mismatch

I had to move the "c/r auth sets kbdint auth" to before the call to
check_host_key(). It might be better in readconf() but this was simpler,
and other options are check post-readconf() as well anyway.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 580] disable kbdint if host key mismatch [ In reply to ]
bugzilla-daemon at mindrot
May 29, 2003, 7:43 PM
Post #3 of 5 (1727 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=580





------- Additional Comments From fcusack@fcusack.com 2003-05-30 13:43 -------
My patch just arbitrarily disables kbdint. An improvement would be to
#ifdef PAM around the disable bits, since kbdint is safe without PAM
(kbdint is used for internal challenge response methods). Unfortunately,
with PAM you can't tell if it's safe to use or not, so to be on the safe
side it should be disabled. An option could be added to control this, but
I think that's unwise (too many options).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 580] disable kbdint if host key mismatch [ In reply to ]
bugzilla-daemon at mindrot
May 29, 2003, 7:47 PM
Post #4 of 5 (1733 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=580

fcusack@fcusack.com changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #314 is|0 |1
obsolete| |



------- Additional Comments From fcusack@fcusack.com 2003-05-30 13:47 -------
Created an attachment (id=315)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=315&action=view)
disable kbdint on host key mismatch

oops, left in an extra line from my testing. here's an update



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 580] disable kbdint if host key mismatch [ In reply to ]
bugzilla-daemon at mindrot
Jun 4, 2003, 12:24 AM
Post #5 of 5 (1729 views)
Permalink
http://bugzilla.mindrot.org/show_bug.cgi?id=580

djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED



------- Additional Comments From djm@mindrot.org 2003-06-04 18:24 -------
similar patch applied, thanks.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal