On Thu, 11 Dec 2014 17:51:58 +0100
"Carlos E. R."
On 2014-12-11 17:27, Andrei Borzenkov wrote:
On Thu, 11 Dec 2014 16:24:39 +0100 "Carlos E. R." wrote:
Yes. PasswordAuthentication enables one of the ssh authentication protocols (password). Another protocol is ChallengeResponse (keyboard-interactive). This can be configured to use virtually any authentication tokens; in combination with UsePAM and the PAM default configuration it simply requests the user password.
I see.
And, guessing, "password" is scriptable while keyboard-interactive is not. Maybe, as 'mc' has to call "something" to start sftp, it uses techniques akin to scripting.
"password" sends the user password directly in the authentication request; it is expected that the password was obtained by the SSH client from the user, but the SSH server has no idea about it. It makes it trivial to automate. "keyboard-interactive" relays challenges from the SSH server to the user and relays user responses back to the SSH server (there is also provision for translating strings). So at least in theory it is unknown when and what had been requested. In practice I guess 99% of Linux systems out there are pretty much predictable ...
I don't know how easy it would be for 'mc' to support keyboard-interactive instead. Then that is what we have to request upstream?
Yes. MC is based on libssh2, which offers a library function for this, so MC needs to "just" provide a callback to display the challenge and read the response.
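
Added example, not part of the original message and not MC or libssh2 code: a Python sketch of the two exchanges described above, using the message layouts from RFC 4252 (password) and RFC 4256 (keyboard-interactive). The function names and the sample challenge are constructed for illustration; the callback parameter plays the role of the "display challenge and read response" hook the message mentions.

```python
import struct

SSH_MSG_USERAUTH_REQUEST = 50        # RFC 4252
SSH_MSG_USERAUTH_INFO_REQUEST = 60   # RFC 4256
SSH_MSG_USERAUTH_INFO_RESPONSE = 61  # RFC 4256

def ssh_string(text):
    data = text.encode("utf-8")
    return struct.pack(">I", len(data)) + data

def password_request(user, password):
    # "password" method: one client-built packet, no server challenge to wait for.
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user)
            + ssh_string("ssh-connection") + ssh_string("password")
            + b"\x00" + ssh_string(password))

def parse_info_request(packet):
    # keyboard-interactive: the server decides how many prompts and what they say.
    if packet[:1] != bytes([SSH_MSG_USERAUTH_INFO_REQUEST]):
        raise ValueError("not SSH_MSG_USERAUTH_INFO_REQUEST")
    pos = 1
    def take(n):
        nonlocal pos
        if pos + n > len(packet):
            raise ValueError("truncated packet")
        chunk, pos = packet[pos:pos + n], pos + n
        return chunk
    def take_string():
        return take(struct.unpack(">I", take(4))[0]).decode("utf-8")
    name, instruction, _language = take_string(), take_string(), take_string()
    prompts = []
    for _ in range(struct.unpack(">I", take(4))[0]):
        text = take_string()
        prompts.append((text, take(1) != b"\x00"))  # (prompt text, echo flag)
    return name, instruction, prompts

def info_response(packet, callback):
    # The client must ask its callback once per prompt, in the server's order.
    name, instruction, prompts = parse_info_request(packet)
    answers = [callback(name, instruction, text, echo) for text, echo in prompts]
    return (bytes([SSH_MSG_USERAUTH_INFO_RESPONSE]) + struct.pack(">I", len(answers))
            + b"".join(ssh_string(a) for a in answers))

# Constructed sample challenge: a hidden password prompt plus an echoed code prompt.
SAMPLE_REQUEST = (bytes([SSH_MSG_USERAUTH_INFO_REQUEST]) + ssh_string("") * 3
                  + struct.pack(">I", 2) + ssh_string("Password: ") + b"\x00"
                  + ssh_string("Verification code: ") + b"\x01")
```
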