recompile sshd with OPIE?

freebsd-security_at_auscert.org.au
Date: 08/15/05

Next message: Dag-Erling Smørgrav: "Re: recompile sshd with OPIE?"

Previous message: Ken Hawkins: "Re: newbie with www user security problem"
Next in thread: Dag-Erling Smørgrav: "Re: recompile sshd with OPIE?"
Reply: Dag-Erling Smørgrav: "Re: recompile sshd with OPIE?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: freebsd-security@freebsd.org
Date: Mon, 15 Aug 2005 13:55:18 +1000

Hi,

I'm having trouble getting an answer to the following problem on -questions
- I hope someone here has done something similar and can help.

I'd like to compile support for FreeBSD OPIE into sshd. Presently I have
to use PAM to achieve one-time password support. On a 4.x system I have
in /etc/ssh/sshd_config

ChallengeResponseAuthentication yes

and in /etc/pam.conf

sshd auth sufficient pam_opie.so no_fake_prompts

To avoid the extra PAM process on 5.x, I'd prefer to just enable OPIE in
the sshd binary, but I'm not sure if this is possible with a commandline
option to make. I would like to rebuild it in the usual way:

# cd /usr/src/secure/usr.sbin/sshd
# make obj && make depend && make all install

but somehow define OPIE or, I think, include the configure option
--with-skey=PATH, or both.

Can this be achieved within the regular system build process, or must I
roll my own?

thanks,
joel

-- Joel Hatton --
Security Analyst | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert@auscert.org.au
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Dag-Erling Smørgrav: "Re: recompile sshd with OPIE?"

Previous message: Ken Hawkins: "Re: newbie with www user security problem"
Next in thread: Dag-Erling Smørgrav: "Re: recompile sshd with OPIE?"
Reply: Dag-Erling Smørgrav: "Re: recompile sshd with OPIE?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

compiling other options into sshd
... I'd like to compile support for FreeBSD OPIE into sshd. ... to use PAM to achieve one-time password support. ... Rather than do this on a 5.x system now, I'd prefer to just enable OPIE ...
(freebsd-questions)
openssh and opie challenge
... From searching on google I found ... Is there a way to get sshd to display the opie challenge before ...
(comp.security.ssh)