IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Ambiguities in section 3.1 of the keyboard-interactive draft
Jeffrey Hutzelman <jhutz%cmu.edu@localhost> writes:
>On Wednesday, September 29, 2004 03:47:16 +1200 Peter Gutmann
><pgut001%cs.auckland.ac.nz@localhost> wrote:
>>(That's pretty weird behaviour: You can't send it a standard password,
>> but you can send it the password dressed up as keyboard-interactive auth
>> provided you don't tell it that it's a password).
>
>You mean, that you don't randomly make up a submethod name that the server
>has never heard of? Well, yes.
So OpenSSH's behaviour is as follows:
1. It immediately rejects attempts to auth.using any method it hasn't heard
of.
2. The methods it doesn't reject are undocumented.
This means that the only way to talk to an OpenSSH server is to act as if
there was an implicit requirement that clients MUST NOT set the submethods
field. With this behaviour OpenSSH isn't even compatible with itself, if a
future version of OpenSSH adds a new submethod, all current versions will
reject attempts to connect from the new version because they'll see a
submethod they don't recognise.
Peter.
Home |
Main Index |
Thread Index |
Old Index