
monkey SSH S/Key patch
----------------------

i wanted to use S/Key with SSH, but as a server-only hack (duh, the
reason you'd want to use OTPs with SSH in the first place is because
you don't trust the client). so here's a quick hack, short and stupid.

to build:

1. apply the patch to the clean ssh-1.2.23 distribution.

2. run configure and edit the resulting Makefile, adding
   -DMONKEY_SKEY_HACK to DEFS and -lskey to LIBS.

3. make and install.

to use from any standard Unix SSH client:

    ssh -v -o "NumberOfPasswordPrompts 5" <hostname>

and type "s/key" as your initial password. you will then be prompted
with an S/Key challenge. woo.

that is all.

-d.

---
http://www.monkey.org/~dugsong/

*** auth-passwd.c.orig	Wed May 13 23:11:57 1998
--- auth-passwd.c	Wed May 13 23:11:31 1998
***************
*** 269,274 ****
--- 269,278 ----
  static int securid_initialized = 0;
  #endif /* HAVE_SECURID */
  
+ #ifdef MONKEY_SKEY_HACK
+ #include <skey.h>
+ #endif /* MONKEY_SKEY_HACK */
+ 
  #ifdef KERBEROS
  #if defined(KRB5)
  #include <krb5.h>
***************
*** 473,478 ****
--- 477,486 ----
      }
  #else /* _AIX41 && HAVE_AUTHENTICATE */
  
+ #ifdef MONKEY_SKEY_HACK
+   char *skeyinfo = NULL;
+ #endif /* MONKEY_SKEY_HACK */
+ 
  #ifdef KERBEROS
    krb5_error_code problem;
    int krb5_options = KDC_OPT_RENEWABLE | KDC_OPT_FORWARDABLE;
***************
*** 504,509 ****
--- 512,529 ----
      return 0;
    saved_pw_name = xstrdup(pw->pw_name);
    saved_pw_passwd = xstrdup(pw->pw_passwd);
+ 
+ #ifdef MONKEY_SKEY_HACK
+   if (skey_haskey(pw->pw_name) == 0) {
+     if (strcasecmp(password, "s/key") == 0) {
+       skeyinfo = skey_keyinfo(pw->pw_name);
+       packet_send_debug(skeyinfo ? skeyinfo : "no s/key challenge");
+       return 0;
+     }
+     else if (skey_passcheck(pw->pw_name, password) != -1)
+       return 1;
+   }
+ #endif /* MONKEY_SKEY_HACK */
    
  #if defined(KERBEROS)
    if (options.kerberos_authentication)
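Review bot: The challenge text is passed to `packet_send_debug` as its first argument, which looks like a printf-style format (its declaration is outside this hunk), so any `%` in the string returned by `skey_keyinfo` would be read as a conversion; pass it as data instead, `packet_send_debug("%s", skeyinfo ? skeyinfo : "no s/key challenge");`. When `skey_passcheck` returns -1, control leaves the block and continues into the Kerberos check and whatever follows, so an S/Key-enrolled account presumably still accepts its reusable password; if enrolled accounts are meant to be OTP-only, which the README's untrusted-client rationale suggests, end the `skey_haskey` block with `return 0;`. The debug reply is sent only when `skey_haskey` returns 0, so an unauthenticated client can tell enrolled accounts from the rest and read their current challenge; a uniform reply for every account, or at least a comment recording the trade-off, would help. The enclosing function starts and ends outside the hunk.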
