How does OpenSSH server handle reply message 18 from AAA server in case of SCP - SSH

This is a discussion on How does OpenSSH server handle reply message 18 from AAA server in case of SCP - SSH ; Hi, I have an SSH server( also the receiver in this case) that uses a remote AAA server. I am curious about how SCP server handles reply message 18 configured on AAA server,sent to it after the authorization has taken ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: How does OpenSSH server handle reply message 18 from AAA server in case of SCP

  1. How does OpenSSH server handle reply message 18 from AAA server in case of SCP

    Hi,

    I have an SSH server( also the receiver in this case) that uses a
    remote AAA server. I am curious about how SCP server handles reply
    message 18 configured on AAA server,sent to it after the authorization
    has taken place and b4 the OK message has to be sent from SCP receiver
    to SCP sender? Is it sent to be displayed on the client (in this case
    the recv also) b4 the OK msg , ensuring that it does not confuse it
    with an improper-OK mesg?

    Regards,
    Naveen


  2. Re: How does OpenSSH server handle reply message 18 from AAA server in case of SCP

    On 2006-02-01, naveen.tamilmani@gmail.com wrote:
    > I have an SSH server( also the receiver in this case) that uses a
    > remote AAA server.


    AAA? As in "Authentication, Authorization and Accounting"? That's a
    generic term, do you mean something like TACACS+ or RADIUS?

    > I am curious about how SCP server handles reply
    > message 18 configured on AAA server,sent to it after the authorization
    > has taken place and b4 the OK message has to be sent from SCP receiver
    > to SCP sender? Is it sent to be displayed on the client (in this case
    > the recv also) b4 the OK msg , ensuring that it does not confuse it
    > with an improper-OK mesg?


    OpenSSH does not handle either TACACS or RADIUS itself, so its behaviour
    will depend on what the underlying interface is and how it behaves.
    If the interface is via PAM, then its behaviour will also depend on the
    version of OpenSSH, which is (I hope) improving, albeit slowly.

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

+ Reply to Thread