Bug 580 - disable kbdint if host key mismatch
Summary: disable kbdint if host key mismatch
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: -current
Hardware: All All
: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-05-30 13:37 AEST by Frank Cusack
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:

Attachments
disable kbdint on host key mismatch (1.61 KB, patch)
2003-05-30 13:39 AEST, Frank Cusack 		no flags Details | Diff
disable kbdint on host key mismatch (1.56 KB, patch)
2003-05-30 13:47 AEST, Frank Cusack 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Frank Cusack 2003-05-30 13:37:27 AEST 
currently, password auth is disabled if the host key mismatches.
kbdint auth should probably also be disabled.
Comment 1 Frank Cusack 2003-05-30 13:39:23 AEST 
Created attachment 314 [details]
disable kbdint on host key mismatch

I had to move the "c/r auth sets kbdint auth" to before the call to
check_host_key().  It might be better in readconf() but this was simpler,
and other options are check post-readconf() as well anyway.
Comment 2 Frank Cusack 2003-05-30 13:43:04 AEST 
My patch just arbitrarily disables kbdint.  An improvement would be to
#ifdef PAM around the disable bits, since kbdint is safe without PAM
(kbdint is used for internal challenge response methods).  Unfortunately,
with PAM you can't tell if it's safe to use or not, so to be on the safe
side it should be disabled.  An option could be added to control this, but
I think that's unwise (too many options).
Comment 3 Frank Cusack 2003-05-30 13:47:34 AEST 
Created attachment 315 [details]
disable kbdint on host key mismatch

oops, left in an extra line from my testing.  here's an update
Comment 4 Damien Miller 2003-06-04 18:24:44 AEST 
similar patch applied, thanks.
Comment 5 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED