Haven't seen this mentioned here (probably because I've been too
heads-down trying to figure out why things weren't working), but
there's a bug in OpenSSH 2.3.0p1 such that S/Key authentication will
always fail when using protocol 1. See patch below.
What I was really beating my head against was that, to have S/Key
authentication work when using protocol 2, you must enable both
SKeyAuthentication and KbdInteractiveAuthentication in sshd_config and
~/.ssh/config. You'd think the former would imply the latter, but it
doesn't. Also, there's no documentation on KbdInteractiveAuthentication,
as far as I can tell.
Dworkin
================================================================
*** auth1.c.orig Sun Feb 11 01:02:50 2001
--- auth1.c Sun Feb 11 01:02:52 2001
***************
*** 273,279 ****
if (options.skey_authentication == 1) {
char *skeyinfo = NULL;
if (pw != NULL)
! skey_keyinfo(pw->pw_name);
if (skeyinfo == NULL) {
debug("generating fake skeyinfo for %.100s.",
luser);
skeyinfo = skey_fake_keyinfo(luser);
--- 273,279 ----
if (options.skey_authentication == 1) {
char *skeyinfo = NULL;
if (pw != NULL)
! skeyinfo = skey_keyinfo(pw->pw_name);
if (skeyinfo == NULL) {
debug("generating fake skeyinfo for %.100s.",
luser);
skeyinfo = skey_fake_keyinfo(luser);
