[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh + opie?

On Fri, Aug 08, 2003 at 01:36:06AM -0400, Bradley Alexander wrote:
I tried to set this up again recently on another machine, and found that
privelege separation breaks this functionality. Does anyone know of a
workaround to provide similar functionality?

Short answer: use a newer version of ssh.
Long answer: libpam-opie works fine today if you set
"privilegeseperation no" and "pamauthenticationviakbdint yes" in your
sshd_config file. The downside to doing that is that you increase your
exposure in the event of certain ssh exploits. There are patches to ssh
that allow kbdint to work with privsep, and I think that they are
currently in the ssh cvs tree.
Mike Stone

Reply to: