add skey to sshd:

1) pass *pw to auth_password() not user_name, do_authentication already
   keeps private copy of struct passwd for current user.
2) limit authentication attemps to 5, otherwise
        ssh -o 'NumberOfPasswordPrompts 100000' host
   lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys,
   for s/key for nonexisting users, too
   limit auth-tries for nonexisting users, too.
Note that
% ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host
has NO limits in ssh-1.2.27

1 files changed, 7 insertions, 2 deletions

diff --git a/usr.bin/ssh/ssh.h b/usr.bin/ssh/ssh.h
index 1586ace8b22..756a795b8bc 100644
--- a/usr.bin/ssh/ssh.h
+++ b/usr.bin/ssh/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
 
 */
 
-/* RCSID("$Id: ssh.h,v 1.8 1999/10/05 22:18:52 markus Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.9 1999/10/07 21:45:02 markus Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -260,7 +260,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
 
 /* Tries to authenticate the user using password.  Returns true if
    authentication succeeds. */
-int auth_password(const char *server_user, const char *password);
+int auth_password(struct passwd *pw, const char *password);
 
 /* Performs the RSA authentication dialog with the client.  This returns
    0 if the client could not be authenticated, and 1 if authentication was
@@ -583,4 +583,9 @@ int radix_to_creds(const char *buf, CREDENTIALS *creds);
 
 #endif /* KRB4 */
 
+#ifdef SKEY
+#include <skey.h>
+char *skey_fake_keyinfo(char *username);
+#endif /* SKEY */
+
 #endif /* SSH_H */