Subject: Re: ssh2_exec.c does not support keyboard-interactive, intentional?

From: Peter Stuge <peter_at_stuge.se>
Date: Tue, 20 Apr 2010 20:18:58 +0200

Eric Tung wrote:
> > I don't think that blindly sending out the password is setting a
> > good example.
>
> I agree it's not correct, but I think it's more useful than an
> example which doesn't work and doesn't give an error message.

Maybe make it say "keyboard-interactive authentication not supported"
then? I think that would already be an improvement.

> ssh2.c blindly sends out the password;

Big difference. Did you look at the kbdint RFC?

"password" is a standardized authentication method in SSH for sending
one specific type of credential to the server; a password.

"keyboard-interactive" is a standardized authentication method in SSH
for having an arbitrary dialog between the server and the user
running the client.

Obviously the two can not be expected to work the same way.

Blame PAM, which implements password authentication using a generic
dialog.

Or just use publickey and get decent security at the same time.

> whichever way you want to go, you should make the examples match.

No, not really.

> I don't care enough to write getpass(), so hopefully someone else
> can pick it up.

I think an error message would already be a big improvement.

//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-04-20
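
The distinction drawn in the message above, as an added example (not part of the original post and not libssh2 code): a client that only holds a password answers a keyboard-interactive request only when it is a single non-echoed "Password:" prompt, and otherwise reports the error text suggested in the thread. The struct, enum and function names are hypothetical, and the prompt-matching rule is an assumed policy.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for one prompt of an RFC 4256 info request:
 * the prompt text (length-delimited, not NUL-terminated) and its echo flag. */
struct kbd_prompt { const char *text; size_t length; int echo; };

enum kbd_decision { KBD_EMPTY_RESPONSE, KBD_SEND_PASSWORD, KBD_NOT_SUPPORTED };

/* Assumed policy: only the literal prompt "Password:" (any case, trailing
 * spaces/colon ignored) counts. "New password:" or a code prompt does not. */
static int is_password_prompt(const struct kbd_prompt *p)
{
    static const char want[] = "password";
    size_t n = p->length, i;

    while (n > 0 && (p->text[n - 1] == ':' || isspace((unsigned char)p->text[n - 1])))
        n--;
    if (n != sizeof(want) - 1)
        return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)p->text[i]) != want[i])
            return 0;
    return 1;
}

/* Decide how a password-only client answers one info request. */
enum kbd_decision kbd_decide(const struct kbd_prompt *prompts, size_t num_prompts)
{
    if (num_prompts == 0)   /* RFC 4256: answer with zero responses */
        return KBD_EMPTY_RESPONSE;
    if (num_prompts == 1 && !prompts[0].echo && is_password_prompt(&prompts[0]))
        return KBD_SEND_PASSWORD;
    return KBD_NOT_SUPPORTED;  /* anything else needs a real user dialog */
}

int main(void)
{
    /* Constructed sample: a two-prompt dialog a password cannot satisfy. */
    struct kbd_prompt dialog[] = {
        { "Password: ", 10, 0 }, { "Verification code: ", 19, 1 } };

    if (kbd_decide(dialog, 2) == KBD_NOT_SUPPORTED)
        fprintf(stderr, "keyboard-interactive authentication not supported\n");
    return kbd_decide(dialog, 1) == KBD_SEND_PASSWORD ? 0 : 1;
}
```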