Subject: s/key problem
To: None <>
From: =?iso-8859-2?Q?Pawe=B3?= Krawczyk <>
List: port-vax
Date: 03/06/2002 06:50:37
Just moved to S/KEY authentication as SSH (even v1) eats most
of the CPU on my MicroVAX 3600. The only problem I've noticed
is a slight inconsequence in the documentation - the comments
in /etc/defaults/rc.conf suggest setting up hostname as FQDN
(hostname+domain), while this prevents S/KEY from working at
all. If you set up your hostname as FQDN e.g.
(my machine), S/KEY will generate challenges like `vax.91723'
and the dot is unacceptable for the S/KEY subsystem later. When
I've changed the hostname to simply `vax' it started to work
(challenges were like `vax91723'). It's easy to check when you

$ skey 98 vax.92971
skey: seed must be alphanumeric

So this is probably a problem with S/KEY incorrectly
stripping one character too much from the FQDN when
generating challenge.

I don't know if this problem is specific to netbsd/vax
or not, so I send it to netbsd-bugs as well. The system
is NetBSD/vax 1.5.2-RELEASE.

Pawel Krawczyk *
Krakow, Poland *