add skey to sshd: - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	markus <markus@openbsd.org>	1999-10-07 21:45:02 +0000
committer	markus <markus@openbsd.org>	1999-10-07 21:45:02 +0000
commit	2cbe402d16f007786082e20001df33fdb6f80adb (patch)
tree	db83314ae64407cb4f843ef29238e50d2f2d3006 /lib/libc/sys
parent	use pkg_add -I for ssl package (diff)
download	wireguard-openbsd-2cbe402d16f007786082e20001df33fdb6f80adb.tar.xz wireguard-openbsd-2cbe402d16f007786082e20001df33fdb6f80adb.zip

add skey to sshd:

1) pass *pw to auth_password() not user_name, do_authentication already keeps private copy of struct passwd for current user. 2) limit authentication attemps to 5, otherwise ssh -o 'NumberOfPasswordPrompts 100000' host lets you enter 100000 passwds 3) make s/key a run-time option in /etc/sshd_config 4) generate fake skeys, for s/key for nonexisting users, too limit auth-tries for nonexisting users, too. Note that % ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host has NO limits in ssh-1.2.27

Diffstat (limited to 'lib/libc/sys')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: