Subject: Re: ssh2_exec.c does not support keyboard-interactive, intentional?

Re: ssh2_exec.c does not support keyboard-interactive, intentional?

From: Eric Tung <koikoi_at_gmail.com>
Date: Wed, 21 Apr 2010 11:13:41 -0700

> > ssh2.c blindly sends out the password;

> Big difference. Did you look at the kbdint RFC?

Yes. Did you look at ssh2.c? It blindly sends the password *for
keyboard-interactive*; my patch basically copies what it does. I'm not
saying that password and keyboard-interactive should be treated the
same way, this is clearly wrong. I am saying the libssh2 examples
should be consistent with each other.

> Or just use publickey and get decent security at the same time.

Absolutely. However, I just started looking into libssh2 and my
primary interest at this point is a proof-of-concept to make sure
things work for my use case, not to get everything perfect the first
go-around.

> I think an error message would already be a big improvement.

Sure.
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-04-21