Subject: s/key problem
To: None <port-vax@netbsd.org>
From: =?iso-8859-2?Q?Pawe=B3?= Krawczyk <kravietz@aba.krakow.pl>
List: port-vax
Date: 03/06/2002 06:50:37
Just moved to S/KEY authentication as SSH (even v1) eats most
of the CPU on my MicroVAX 3600. The only problem I've noticed
is a slight inconsequence in the documentation - the comments
in /etc/defaults/rc.conf suggest setting up hostname as FQDN
(hostname+domain), while this prevents S/KEY from working at
all. If you set up your hostname as FQDN e.g. vax.akg.krakow.pl
(my machine), S/KEY will generate challenges like `vax.91723'
and the dot is unacceptable for the S/KEY subsystem later. When
I've changed the hostname to simply `vax' it started to work
(challenges were like `vax91723'). It's easy to check when you
try:
$ skey 98 vax.92971
skey: seed must be alphanumeric
So this is probably a problem with S/KEY incorrectly
stripping one character too much from the FQDN when
generating challenge.
I don't know if this problem is specific to netbsd/vax
or not, so I send it to netbsd-bugs as well. The system
is NetBSD/vax 1.5.2-RELEASE.
--
Pawel Krawczyk * http://echelon.pl/kravietz/
Krakow, Poland * http://ipsec.pl/