Re: recompile sshd with OPIE?
Date: 08/16/05

    To: (Dag-Erling Smørgrav)
    Date: Tue, 16 Aug 2005 14:32:00 +1000

    > writes:
    > > Can this be achieved within the regular system build process, or must I
    > > roll my own?
    > You need to change src/crypto/openssh/config.h so it says
    > /* #undef PAM */
    > #define SKEY 1
    > #define OPIE 1
    > instead of
    > #define PAM 1
    > /* #undef SKEY */
    > /* #undef OPIE */
    > then rebuild world.

    This may sound like a really silly question, but how do I enable it?

    After performing the changes above, I installed with:

    cd /usr/src/secure/usr.sbin/sshd
    make cleandir; make cleandir
    make obj && make depend && make all install

    There's no man[5] sshd_config entry, but through trial and error I
    identified an option that doesn't cause an error: SkeyAuthentication yes

    I couldn't get any permutation of OpieAuthentication/UseOPIE/... to work.

    However, attempts to connect to the running server with SkeyAuthentication
    enabled still give:

            Permission denied (publickey).

    This is after creating an opiekey for the user (works for sudo, so is
    functional), and with these options enabled (+ defaults where not noted)
    in sshd_config:

    Port 22
    Protocol 2
    LogLevel VERBOSE
    PermitRootLogin no
    StrictModes yes
    HostbasedAuthentication no
    IgnoreUserKnownHosts yes
    IgnoreRhosts yes
    ChallengeResponseAuthentication no
    SkeyAuthentication yes
    AllowTcpForwarding no
    X11Forwarding yes
    Banner /etc/issue

    Can you point me in the right direction please?

    -- Joel Hatton --
    Security Analyst | Hotline: +61 7 3365 4417
    AusCERT - Australia's national CERT | Fax: +61 7 3365 7031
    The University of Queensland | WWW:
    Qld 4072 Australia | Email: