OpenSSH + OPIE
Piotr Majka
charvel w link.pl
Czw, 13 Sty 2000, 14:51:14 CET
Hej ;)
Jako że zauważyłem u was, że znajduje się także i openssh na składzie, to
może przyda się wam ów patch. Jakiś tydzień temu napisałem do autora
openssh'a czy zamierza wprowadzić także autentykacje poprzez opie. W
odpowiedzi dostałem patch do wersji 1.2pre17 - aczkolwiek iż zaszło wiele
zmian od wersji 1.2pre17 do obecnej 1.2.1pre25 to postanowiłem go
dostosować do ostatniej prewersji openssh - patch w attachu. Przy okazji
pytanie - dlaczego w PLD nie ma takich rzeczy jak właśnie OPIE, czy też
linux-skey (widział w ogóle ktoś sprawnie działającą implementację S/Key'a
na linuxa - linux-skey jest w postaci modułów pamowych, niestety jego
biblioteka statyczna oraz header nie są zgodne z ogólnie przyjętym
standardem s/key'a - wszystkie inne implementacje jakie widziałem nie
działały poprawnie (np. skey-2.2) - stąd też nie daje się wykorzystać już
zaimplementowanego S/Key'a w openssh). Jeżeli tworzycie bezpieczną
dystrybucję, czegoś takiego nie może zabraknąć; z drugiej strony wielu
ludzi nie ma pojęcia o takiej identyfikacji i póki tego nie ujrzą
zaimplementowanego w jakiejś dystrybucji, to nie będą tego używać.
--
Piotr "Charvel" Majka | PGP & GPG Public Key: finger charvel w link.pl | Uin: 20873695
GCM d- s-:- a-- C++ UL++++ P+ L+++ E--- W+ N+++ !o !K w--- !O M V- PS+ PE !Y
PGP+ t--- !5 X R tv- b !DI D+ G++ e h r y++**
-------------- następna część ---------
diff -ruN openssh-1.2.1pre25.orig/Makefile.in openssh-1.2.1pre25/Makefile.in
--- openssh-1.2.1pre25.orig/Makefile.in Thu Jan 6 22:45:56 2000
+++ openssh-1.2.1pre25/Makefile.in Wed Jan 12 21:30:13 2000
@@ -31,7 +31,7 @@
GNOME_LIBS=`gnome-config --libs gnome gnomeui`
OBJS= atomicio.o authfd.o authfile.o auth-krb4.o auth-passwd.o auth-pam.o \
- auth-rhosts.o auth-rh-rsa.o auth-rsa.o auth-skey.o bsd-daemon.o \
+ auth-rhosts.o auth-rh-rsa.o auth-rsa.o auth-skey.o auth-opie.o bsd-daemon.o \
bsd-login.o bsd-misc.o bsd-mktemp.o bsd-snprintf.o bsd-strlcat.o \
bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o \
clientloop.o compress.o crc32.o deattack.o hostfile.o \
@@ -49,7 +49,7 @@
SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o
-SSHDOBJS= sshd.o auth-rhosts.o auth-krb4.o auth-pam.o auth-passwd.o \
+SSHDOBJS= sshd.o auth-rhosts.o auth-krb4.o auth-pam.o auth-passwd.o auth-opie.o \
auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o \
serverloop.o bsd-login.o md5crypt.o
diff -ruN openssh-1.2.1pre25.orig/acconfig.h openssh-1.2.1pre25/acconfig.h
--- openssh-1.2.1pre25.orig/acconfig.h Thu Jan 6 02:03:13 2000
+++ openssh-1.2.1pre25/acconfig.h Wed Jan 12 21:30:13 2000
@@ -88,6 +88,9 @@
/* Define if you want S/Key support */
#undef SKEY
+/* Define if you want OPIE support */
+#undef OPIE
+
/* Define if you want TCP Wrappers support */
#undef LIBWRAP
diff -ruN openssh-1.2.1pre25.orig/auth-opie.c openssh-1.2.1pre25/auth-opie.c
--- openssh-1.2.1pre25.orig/auth-opie.c Thu Jan 1 01:00:00 1970
+++ openssh-1.2.1pre25/auth-opie.c Wed Jan 12 21:30:13 2000
@@ -0,0 +1,41 @@
+#include "includes.h"
+
+#ifdef OPIE
+RCSID("$Id: auth-opie.c,v 1.2 1999/12/18 16:38:03 tygrys Exp $");
+
+#include "ssh.h"
+#include "packet.h"
+
+#include <opie.h> /* Use libopie instead of some weird internal routines */
+
+/*
+ * Try OPIE authentication,
+ * return 1 on success, 0 on failure, -1 if OPIE is not available
+ */
+
+int auth_opie_password(struct passwd *pw, const char *password)
+{
+ struct opie opie;
+ int opieretval = 1;
+ char opieinfo[80];
+
+ if (strncasecmp(password, "opie", 4) == 0)
+ {
+ opieretval = opiechallenge(&opie, pw->pw_name, opieinfo);
+ if (opieretval)
+ debug("generating fake opieinfo for %.100s.", pw->pw_name);
+
+ if (opieinfo != NULL)
+ packet_send_debug((char *)opieinfo);
+ /* Try again */
+ return 0;
+ }
+ else
+ if (opieverify(&opie, (char *)password) == 0)
+ /* Authentication succeeded. */
+ return 1;
+
+ /* Fall back to ordinary passwd authentication. */
+ return -1;
+}
+#endif
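Review bot: The `else` branch of auth_opie_password() hands a freshly declared, uninitialised `struct opie opie` to `opieverify()`, because the challenge was set up in an earlier call whose stack frame is gone; the verdict then depends on stack contents rather than on the challenge that was issued. The state and a "challenge issued" flag need to outlive the call, and verification should be skipped unless `opiechallenge()` returned 0. Separately, `strncasecmp(password, "opie", 4)` matches any password that merely begins with "opie", so such a password never reaches the ordinary check in auth-passwd.c; an exact comparison avoids that. `opieinfo != NULL` is always true for an array and can be dropped.

```c
int auth_opie_password(struct passwd *pw, const char *password)
{
	/* The challenge is issued on one password attempt and answered on a
	 * later one, so the OPIE state has to survive between calls. */
	static struct opie opie;
	static int challenge_ok = 0;
	char opieinfo[80];

	if (strcasecmp(password, "opie") == 0) {
		challenge_ok = (opiechallenge(&opie, pw->pw_name, opieinfo) == 0);
		if (!challenge_ok)
			debug("generating fake opieinfo for %.100s.", pw->pw_name);
		/* literal format string: the challenge text is data */
		packet_send_debug("%s", opieinfo);
		/* Try again */
		return 0;
	}
	if (challenge_ok) {
		/* one verification per issued challenge */
		challenge_ok = 0;
		if (opieverify(&opie, (char *)password) == 0)
			return 1;
	}
	/* Fall back to ordinary passwd authentication. */
	return -1;
}
```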
diff -ruN openssh-1.2.1pre25.orig/auth-passwd.c openssh-1.2.1pre25/auth-passwd.c
--- openssh-1.2.1pre25.orig/auth-passwd.c Thu Jan 6 02:03:13 2000
+++ openssh-1.2.1pre25/auth-passwd.c Wed Jan 12 21:30:13 2000
@@ -56,6 +56,15 @@
/* Fall back to ordinary passwd authentication. */
}
#endif
+#ifdef OPIE
+ if (options.opie_authentication == 1) {
+ int ret = auth_opie_password(pw, password);
+ if (ret == 1 || ret == 0)
+ return ret;
+ /* Fall back to ordinary passwd authentication. */
+ }
+#endif
+
#ifdef KRB4
if (options.kerberos_authentication == 1) {
int ret = auth_krb4_password(pw, password);
diff -ruN openssh-1.2.1pre25.orig/config.h.in openssh-1.2.1pre25/config.h.in
--- openssh-1.2.1pre25.orig/config.h.in Fri Jan 7 04:47:11 2000
+++ openssh-1.2.1pre25/config.h.in Wed Jan 12 21:30:13 2000
@@ -88,6 +88,9 @@
/* Define if you want S/Key support */
#undef SKEY
+/* Define if you want OPIE support */
+#undef OPIE
+
/* Define if you want TCP Wrappers support */
#undef LIBWRAP
diff -ruN openssh-1.2.1pre25.orig/configure openssh-1.2.1pre25/configure
--- openssh-1.2.1pre25.orig/configure Fri Jan 7 04:47:11 2000
+++ openssh-1.2.1pre25/configure Wed Jan 12 21:30:13 2000
@@ -32,6 +32,8 @@
ac_help="$ac_help
--with-skey Enable S/Key support"
ac_help="$ac_help
+ --with-opie Enable OPIE support"
+ac_help="$ac_help
--with-tcp-wrappers Enable tcpwrappers support"
ac_help="$ac_help
--with-md5-passwords Enable use of MD5 passwords"
@@ -2905,6 +2907,17 @@
fi
+# Check whether --with-opie or --without-opie was given.
+if test "${with_opie+set}" = set; then
+ withval="$with_opie"
+
+ cat >> confdefs.h <<\EOF
+#define OPIE 1
+EOF
+ LIBS="$LIBS -lopie"
+
+
+fi
# Check whether --with-tcp-wrappers or --without-tcp-wrappers was given.
if test "${with_tcp_wrappers+set}" = set; then
diff -ruN openssh-1.2.1pre25.orig/configure.in openssh-1.2.1pre25/configure.in
--- openssh-1.2.1pre25.orig/configure.in Fri Jan 7 04:01:41 2000
+++ openssh-1.2.1pre25/configure.in Wed Jan 12 21:30:13 2000
@@ -472,6 +472,15 @@
]
)
+dnl Check whether user wants OPIE support
+AC_ARG_WITH(opie,
+ [ --with-opie Enable OPIE support],
+ [
+ AC_DEFINE(OPIE)
+ LIBS="$LIBS -lopie"
+ ]
+)
+
dnl Check whether user wants TCP wrappers support
AC_ARG_WITH(tcp-wrappers,
[ --with-tcp-wrappers Enable tcpwrappers support],
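Review bot: The action block of `AC_ARG_WITH(opie, ...)` runs whenever the option is given in either form, so `--without-opie` or `--with-opie=no` still defines OPIE and appends `-lopie`. The body should be wrapped in `if test "x$withval" != "xno"; then` ... `fi`. There is also no probe for the library or for `opie.h`, so a missing libopie only shows up at compile or link time. The generated `configure` hunk carries the same logic.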
diff -ruN openssh-1.2.1pre25.orig/readconf.c openssh-1.2.1pre25/readconf.c
--- openssh-1.2.1pre25.orig/readconf.c Mon Dec 6 01:47:29 1999
+++ openssh-1.2.1pre25/readconf.c Wed Jan 12 21:30:13 2000
@@ -90,7 +90,7 @@
oBadOption,
oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
oPasswordAuthentication, oRSAAuthentication, oFallBackToRsh, oUseRsh,
- oSkeyAuthentication,
+ oSkeyAuthentication, oOPIEAuthentication,
#ifdef KRB4
oKerberosAuthentication,
#endif /* KRB4 */
@@ -119,6 +119,7 @@
{ "passwordauthentication", oPasswordAuthentication },
{ "rsaauthentication", oRSAAuthentication },
{ "skeyauthentication", oSkeyAuthentication },
+ { "opieauthentication", oOPIEAuthentication },
#ifdef KRB4
{ "kerberosauthentication", oKerberosAuthentication },
#endif /* KRB4 */
@@ -295,6 +296,9 @@
case oSkeyAuthentication:
intptr = &options->skey_authentication;
goto parse_flag;
+ case oOPIEAuthentication:
+ intptr = &options->opie_authentication;
+ goto parse_flag;
#ifdef KRB4
case oKerberosAuthentication:
@@ -594,6 +598,7 @@
options->rhosts_authentication = -1;
options->rsa_authentication = -1;
options->skey_authentication = -1;
+ options->opie_authentication = -1;
#ifdef KRB4
options->kerberos_authentication = -1;
#endif
@@ -649,6 +654,8 @@
options->rsa_authentication = 1;
if (options->skey_authentication == -1)
options->skey_authentication = 0;
+ if (options->opie_authentication == -1)
+ options->opie_authentication = 1;
#ifdef KRB4
if (options->kerberos_authentication == -1)
options->kerberos_authentication = 1;
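Review bot: The client default set here, `options->opie_authentication = 1`, contradicts the ssh.1 text added by the same patch, which documents the default for `OPIEAuthentication` as "no", and it differs from the S/Key default of 0 two lines above. With the default at 1, the condition changed in sshconnect.c makes every non-batch client attempt the TIS challenge/response exchange whenever the server advertises it. Either use `options->opie_authentication = 0;` to match S/Key and the man page, or correct the man page. The enclosing function starts and ends outside the hunk.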
diff -ruN openssh-1.2.1pre25.orig/readconf.h openssh-1.2.1pre25/readconf.h
--- openssh-1.2.1pre25.orig/readconf.h Mon Dec 6 01:47:29 1999
+++ openssh-1.2.1pre25/readconf.h Wed Jan 12 21:30:13 2000
@@ -37,6 +37,7 @@
* authentication. */
int rsa_authentication; /* Try RSA authentication. */
int skey_authentication; /* Try S/Key or TIS authentication. */
+ int opie_authentication; /* Try OPIE or TIS authentication. */
#ifdef KRB4
int kerberos_authentication; /* Try Kerberos
* authentication. */
diff -ruN openssh-1.2.1pre25.orig/servconf.c openssh-1.2.1pre25/servconf.c
--- openssh-1.2.1pre25.orig/servconf.c Thu Nov 25 01:54:59 1999
+++ openssh-1.2.1pre25/servconf.c Wed Jan 12 21:30:13 2000
@@ -57,6 +57,9 @@
#ifdef SKEY
options->skey_authentication = -1;
#endif
+#ifdef OPIE
+ options->opie_authentication = -1;
+#endif
options->permit_empty_passwd = -1;
options->use_login = -1;
options->num_allow_users = 0;
@@ -134,6 +137,10 @@
if (options->skey_authentication == -1)
options->skey_authentication = 1;
#endif
+#ifdef OPIE
+ if (options->opie_authentication == -1)
+ options->opie_authentication = 1;
+#endif
if (options->permit_empty_passwd == -1)
options->permit_empty_passwd = 1;
if (options->use_login == -1)
@@ -157,6 +164,9 @@
#ifdef SKEY
sSkeyAuthentication,
#endif
+#ifdef OPIE
+ sOPIEAuthentication,
+#endif
sPasswordAuthentication, sListenAddress,
sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
@@ -193,6 +203,9 @@
#ifdef SKEY
{ "skeyauthentication", sSkeyAuthentication },
#endif
+#ifdef OPIE
+ { "opieauthentication", sOPIEAuthentication },
+#endif
{ "checkmail", sCheckMail },
{ "listenaddress", sListenAddress },
{ "printmotd", sPrintMotd },
@@ -413,7 +426,11 @@
intptr = &options->skey_authentication;
goto parse_flag;
#endif
-
+#ifdef OPIE
+ case sOPIEAuthentication:
+ intptr = &options->opie_authentication;
+ goto parse_flag;
+#endif
case sPrintMotd:
intptr = &options->print_motd;
goto parse_flag;
diff -ruN openssh-1.2.1pre25.orig/servconf.h openssh-1.2.1pre25/servconf.h
--- openssh-1.2.1pre25.orig/servconf.h Thu Nov 25 01:54:59 1999
+++ openssh-1.2.1pre25/servconf.h Wed Jan 12 21:30:13 2000
@@ -72,6 +72,10 @@
int skey_authentication; /* If true, permit s/key
* authentication. */
#endif
+#ifdef OPIE
+ int opie_authentication; /* If true, permit OPIE
+ * authentication. */
+#endif
int permit_empty_passwd; /* If false, do not permit empty
* passwords. */
int use_login; /* If true, login(1) is used */
diff -ruN openssh-1.2.1pre25.orig/ssh-add.1.in openssh-1.2.1pre25/ssh-add.1.in
--- openssh-1.2.1pre25.orig/ssh-add.1.in Sun Dec 26 23:23:58 1999
+++ openssh-1.2.1pre25/ssh-add.1.in Wed Jan 12 21:30:13 2000
@@ -110,7 +110,9 @@
authentication and ticket passing.
.It
supports one-time password authentication with
-.Xr skey 1 .
+.Xr skey 1
+and
+.Xr opie 4 .
.El
.Pp
The libraries described in
diff -ruN openssh-1.2.1pre25.orig/ssh-agent.1.in openssh-1.2.1pre25/ssh-agent.1.in
--- openssh-1.2.1pre25.orig/ssh-agent.1.in Sun Dec 26 23:23:58 1999
+++ openssh-1.2.1pre25/ssh-agent.1.in Wed Jan 12 21:30:13 2000
@@ -157,7 +157,9 @@
authentication and ticket passing.
.It
supports one-time password authentication with
-.Xr skey 1 .
+.Xr skey 1
+and
+.Xr opie 4 .
.El
.Pp
The libraries described in
diff -ruN openssh-1.2.1pre25.orig/ssh-keygen.1.in openssh-1.2.1pre25/ssh-keygen.1.in
--- openssh-1.2.1pre25.orig/ssh-keygen.1.in Sun Dec 26 23:23:58 1999
+++ openssh-1.2.1pre25/ssh-keygen.1.in Wed Jan 12 21:30:13 2000
@@ -147,7 +147,9 @@
authentication and ticket passing.
.It
supports one-time password authentication with
-.Xr skey 1 .
+.Xr skey 1
+and
+.Xr opie 4 .
.El
.Pp
The libraries described in
diff -ruN openssh-1.2.1pre25.orig/ssh.1.in openssh-1.2.1pre25/ssh.1.in
--- openssh-1.2.1pre25.orig/ssh.1.in Sun Dec 26 23:23:58 1999
+++ openssh-1.2.1pre25/ssh.1.in Wed Jan 12 21:30:13 2000
@@ -369,7 +369,8 @@
debugging connection, authentication, and configuration problems.
The verbose mode is also used to display
.Xr skey 1
-challenges, if the user entered "s/key" as password.
+.Xr opie 4
+challenges, if the user entered "s/key" or "opie" as password.
.It Fl x
Disables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.
@@ -675,6 +676,16 @@
.Dq no .
The default is
.Dq no .
+.It Cm OPIEAuthentication
+Specifies whether to use
+.Xr opie 4
+authentication. The argument to
+this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
.It Cm CheckHostIP
If this flag is set to
.Dq yes ,
@@ -967,7 +978,9 @@
authentication and ticket passing.
.It
supports one-time password authentication with
-.Xr skey 1 .
+.Xr skey 1
+and
+.Xr opie 4 .
.El
.Pp
The libraries described in
diff -ruN openssh-1.2.1pre25.orig/ssh.h openssh-1.2.1pre25/ssh.h
--- openssh-1.2.1pre25.orig/ssh.h Thu Dec 30 05:50:55 1999
+++ openssh-1.2.1pre25/ssh.h Wed Jan 12 21:30:13 2000
@@ -740,6 +740,10 @@
char *skey_fake_keyinfo(char *username);
int auth_skey_password(struct passwd * pw, const char *password);
#endif /* SKEY */
+#ifdef OPIE
+#include <opie.h>
+int auth_opie_password(struct passwd * pw, const char *password);
+#endif /* OPIE */
#ifdef USE_PAM
#include "auth-pam.h"
diff -ruN openssh-1.2.1pre25.orig/sshconnect.c openssh-1.2.1pre25/sshconnect.c
--- openssh-1.2.1pre25.orig/sshconnect.c Mon Jan 3 13:41:05 2000
+++ openssh-1.2.1pre25/sshconnect.c Wed Jan 12 21:30:13 2000
@@ -891,15 +891,15 @@
/*
* Tries to authenticate with any string-based challenge/response system.
- * Note that the client code is not tied to s/key or TIS.
+ * Note that the client code is not tied to S/Key, OPIE or TIS.
*/
int
-try_skey_authentication()
+try_otp_authentication()
{
int type, i, payload_len;
char *challenge, *response;
- debug("Doing skey authentication.");
+ debug("Doing OPIE authentication.");
/* request a challenge */
packet_start(SSH_CMSG_AUTH_TIS);
@@ -910,10 +910,11 @@
if (type != SSH_SMSG_FAILURE &&
type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
packet_disconnect("Protocol error: got %d in response "
- "to skey-auth", type);
+ "to opt-auth", type);
}
if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) {
- debug("No challenge for skey authentication.");
+ debug("No challenge for opt authentication.");
+
return 0;
}
challenge = packet_get_string(&payload_len);
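Review bot: The new message strings spell the mechanism "opt" where "otp" is meant: `"to opt-auth"` and `"No challenge for opt authentication."` in this hunk, and `"to opt-auth-reponse"` in the @@ -937 hunk. The debug line in the @@ -891 hunk says "Doing OPIE authentication." although try_otp_authentication() now also serves S/Key and TIS servers, which misleads anyone reading client logs to diagnose a failed login. Suggested wording: `debug("Doing OTP (S/Key, OPIE or TIS) authentication.");` and `"to otp-auth"`. The function body starts and ends outside this hunk.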
@@ -937,7 +938,7 @@
return 1;
if (type != SSH_SMSG_FAILURE)
packet_disconnect("Protocol error: got %d in response "
- "to skey-auth-reponse", type);
+ "to opt-auth-reponse", type);
}
/* failure */
return 0;
@@ -1613,10 +1614,11 @@
if (try_rsa_authentication(options.identity_files[i]))
return;
}
- /* Try skey authentication if the server supports it. */
+ /* Try OPIE authentication if the server supports it. */
if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
- options.skey_authentication && !options.batch_mode) {
- if (try_skey_authentication())
+ (options.skey_authentication || options.opie_authentication) &&
+ !options.batch_mode) {
+ if (try_otp_authentication())
return;
}
/* Try password authentication if the server supports it. */
diff -ruN openssh-1.2.1pre25.orig/sshd.8.in openssh-1.2.1pre25/sshd.8.in
--- openssh-1.2.1pre25.orig/sshd.8.in Sun Dec 26 23:23:59 1999
+++ openssh-1.2.1pre25/sshd.8.in Wed Jan 12 21:30:13 2000
@@ -405,6 +405,14 @@
Note that s/key authentication is enabled only if
.Cm PasswordAuthentication
is allowed, too.
+.It Cm OPIEAuthentication
+Specifies whether
+.Xr opie 4
+authentiction is allowed. The default is
+.Dq yes .
+Note that OPIE authentication is enabled only if
+.Cm PasswordAuthentication
+is allowed, too.
.It Cm StrictModes
Specifies whether
.Nm
diff -ruN openssh-1.2.1pre25.orig/sshd.c openssh-1.2.1pre25/sshd.c
--- openssh-1.2.1pre25.orig/sshd.c Thu Dec 30 05:08:44 1999
+++ openssh-1.2.1pre25/sshd.c Wed Jan 12 22:15:25 2000
@@ -227,6 +227,10 @@
case SSH_CMSG_AUTH_TIS_RESPONSE:
return "s/key";
#endif
+#ifdef OPIE
+ case SSH_CMSG_AUTH_TIS_RESPONSE:
+ return "opie";
+#endif
}
fatal("get_authname: unknown auth %d: internal error", type);
return NULL;
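Review bot: This adds a second `case SSH_CMSG_AUTH_TIS_RESPONSE:` directly after the S/Key one, so a build with both SKEY and OPIE defined gets a duplicate case label. Guard it with `#if defined(OPIE) && !defined(SKEY)`, or have configure reject the combination. The @@ -1371 hunk has a related problem: the new `#endif`/`#ifdef OPIE` pair moves the existing `#else` (the "TIS Authentication is unsupported" case) under OPIE, so an S/Key-only build appears to compile both the S/Key cases and the unsupported ones. The switch starts outside the hunk, so the S/Key guard is inferred from the visible `#endif`.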
@@ -875,6 +879,10 @@
if (options.skey_authentication == 1)
auth_mask |= 1 << SSH_AUTH_TIS;
#endif
+#ifdef OPIE
+ if (options.opie_authentication == 1)
+ auth_mask |= 1 << SSH_AUTH_TIS;
+#endif
if (options.password_authentication)
auth_mask |= 1 << SSH_AUTH_PASSWORD;
packet_put_int(auth_mask);
@@ -1178,6 +1186,11 @@
int type = 0;
void (*authlog) (const char *fmt,...) = verbose;
+#ifdef OPIE
+ int opieretval = 1;
+ struct opie opie;
+#endif
+
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
@@ -1371,6 +1384,39 @@
xfree(response);
}
break;
+#endif
+#ifdef OPIE
+ case SSH_CMSG_AUTH_TIS:
+ debug("rcvd SSH_CMSG_AUTH_TIS");
+ if (options.opie_authentication == 1) {
+ char opieinfo[80];
+
+ opieretval = opiechallenge(&opie, pw->pw_name, opieinfo);
+ if (opieretval)
+ log("generating fake opieinfo for %.100s.", pw->pw_name);
+ if (opieinfo != NULL) {
+ /* we send our opie- in tis-challenge messages */
+ debug("sending challenge '%s'", opieinfo);
+ packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+ packet_put_string((char *)opieinfo, strlen((char *)opieinfo));
+ packet_send();
+ packet_write_wait();
+ continue;
+ }
+ }
+ break;
+ case SSH_CMSG_AUTH_TIS_RESPONSE:
+ debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
+ if (options.opie_authentication == 1) {
+ char *response = packet_get_string(&dlen);
+ debug("opie response == '%s'", response);
+ packet_integrity_check(plen, 4 + dlen, type);
+ authenticated = (opieverify(&opie, response) == 0);
+ opieverify(&opie, (char *)NULL);
+ opieverify(&opie, (char *)NULL);
+ xfree(response);
+ }
+ break;
#else
case SSH_CMSG_AUTH_TIS:
/* TIS Authentication is unsupported */
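Review bot: The SSH_CMSG_AUTH_TIS_RESPONSE case calls `opieverify(&opie, response)` without checking that a challenge was issued first, so a client that sends the response message straight away is verified against an uninitialised `struct opie`, and a response that follows a failed `opiechallenge()` is verified too. `opieretval` already records the outcome and starts at 1, so the check can be `authenticated = (opieretval == 0 && opieverify(&opie, response) == 0);` followed by `opieretval = 1;`. `debug("opie response == '%s'", response);` writes the submitted one-time password to the debug log before `packet_integrity_check` has run; it should log only that a response arrived. `opieinfo != NULL` is always true for an array, so the `break` after it is unreachable from that branch. The enclosing loop starts and ends outside the hunk.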
@@ -1475,7 +1521,33 @@
strncasecmp(password, "s/key", 5) == 0 ) {
packet_send_debug(skeyinfo);
}
- }
+#endif
+#ifdef OPIE
+ (void)packet_read(&plen);
+#else /* OPIE */
+ int type = packet_read(&plen);
+ int dlen;
+ char *password;
+ struct opie opie;
+ char opiepwd[80];
+ /* Try to send a fake opie challenge. */
+ if (options.opie_authentication == 1 &&
+ opiechallenge(&opie, NULL, opiepwd) != 0) {
+ if (type == SSH_CMSG_AUTH_TIS) {
+ packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
+ packet_put_string((char *)opieinfo, strlen((char *)opieinfo));
+ packet_send();
+ packet_write_wait();
+ continue;
+ } else if (type == SSH_CMSG_AUTH_PASSWORD &&
+ options.password_authentication &&
+ (password = packet_get_string(&dlen)) != NULL &&
+ dlen == 4 &&
+ strncasecmp(password, "opie", 4) == 0 ) {
+ packet_send_debug((char *)opiepwd);
+ }
+
+
#endif
if (attempt > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, user);
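Review bot: The preprocessor test around the fake-challenge code is inverted: `#ifdef OPIE` selects the bare `(void)packet_read(&plen);` and the OPIE code sits in the `#else`, so it is compiled only when OPIE is not defined and `struct opie` is unknown; it should read `#ifndef OPIE`. Inside that block `packet_put_string` uses `opieinfo`, which is not declared here (the buffer is `opiepwd`). The hunk also removes a closing `}` and never closes the new outer `if`, so the braces do not balance as far as the hunk shows. This loop is presumably what keeps nonexistent users indistinguishable from real ones, so it should be built and exercised with OPIE enabled before it is relied on. The enclosing function begins and ends outside the hunk.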
diff -ruN openssh-1.2.1pre25.orig/sshd_config.in openssh-1.2.1pre25/sshd_config.in
--- openssh-1.2.1pre25.orig/sshd_config.in Sun Dec 26 23:23:59 1999
+++ openssh-1.2.1pre25/sshd_config.in Wed Jan 12 21:30:13 2000
@@ -49,6 +49,11 @@
#SkeyAuthentication no
#
+# Uncomment to disable OPIE passwords (must be compiled with OPIE support)
+#
+#OPIEAuthentication no
+
+
# To change Kerberos options (must be compiled with Kerberos support)
#
#KerberosAuthentication no