Subject: Re: A couple of security-related issues.
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 12/27/2000 20:44:41
>Also note that telnet or rlogin can detect if the user has an skey entry
>or not, and only ask for the OTP when needed. sshd shouldn't ask for an OTP
>when there's none.

when the client connects to the server, the server indicates which
authentication methods it supports, otp being one of these.  the
client has no way of knowing which authentication methods will
actually work, and the client is the side of the model that actually
drives the authentication attempts by trying each one in turn.

when the client connects, the server doesn't know who is attempting to
log in, so it can't very well "tune" the methods it offers to the
user, since it doesn't know at that point in the protocol.  likewise,
to do so would be an information leak.

it's arguable that when the client offers an rsa key for
authentication purposes and the server offers a challenge, the
server's response is an information leak, but that's neither here nor
there.  to attack that particular bit would require much more effort
than telnetting to someone's ftp port and entering a user name to see
if you are rewarded with an s/key challenge.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
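
Added example, not part of the original message and not code from sshd, telnetd or ftpd: a small Python model of the leak discussed above, comparing a server that issues an s/key challenge only for accounts that have an entry with one that answers every name the same way. The account table, the secret, the function names and the "s/key N seed" challenge string are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: accounts that have an s/key entry (sequence, seed).
SKEY_DB = {"alice": (97, "ne10234"), "bob": (42, "ne55871")}
# Assumption: a per-host secret that stays the same across restarts.
SERVER_SECRET = b"constructed-per-host-secret"


def advertised_methods():
    """Method list sent before the server looks at any account: same for all."""
    return ["publickey", "password", "otp"]


def leaky_challenge(user):
    """Challenge only when an entry exists: the reply reveals who has one."""
    entry = SKEY_DB.get(user)
    return None if entry is None else "s/key %d %s" % entry


def uniform_challenge(user):
    """Always answer. Names without an entry get a decoy derived from
    HMAC(secret, name), so repeated probes see the same stable reply."""
    entry = SKEY_DB.get(user)
    if entry is None:
        d = hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).digest()
        seq = 1 + int.from_bytes(d[:2], "big") % 99
        seed = "ne%05d" % (int.from_bytes(d[2:6], "big") % 100000)
        entry = (seq, seed)
    return "s/key %d %s" % entry


def distinguishable(challenge_fn, names):
    """Names whose reply differs in kind (challenge vs. none) from the rest."""
    got = {n: challenge_fn(n) is not None for n in names}
    if len(set(got.values())) < 2:
        return []  # every name gets the same kind of reply
    return sorted(n for n, has in got.items() if has)


if __name__ == "__main__":
    names = ["alice", "bob", "nosuchuser", "root"]
    print(distinguishable(leaky_challenge, names))
    print(distinguishable(uniform_challenge, names))
```

The decoy here never changes, whereas a real entry's sequence number drops after each successful login, so this model only removes the challenge-versus-no-challenge difference.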