Re: Public key Authentication broken under HP-UX?

From: Ted Pardike (tpardike_at_utah.gov)
Date: 09/24/03

  • Next message: Darren Tucker: "Re: Public key Authentication broken under HP-UX?"
    Date: Wed, 24 Sep 2003 15:42:43 -0600
    To: <dtucker@zip.com.au>
    
    

    Darren,

    I have had problems with previous releases not automatically
    configuring with the defaults. So, I use the following to configure:
      SRC=/depot/software/openssh
      CCOPTS="-I /opt/sys_utils/include -L /opt/sys_utils/lib"
      export CCOPTS
      CFLAGS="+O3 +ESlit +Optrs_strongly_typed"
      export CFLAGS
     
      ./configure --prefix=/opt/openssh \
      --sysconfdir=/etc/ssh \
      --with-prngd-socket=/var/run/egd-pool \
      --with-ssl-dir=$SRC/openssl-0.9.7b \
      --with-zlib=$SRC/zlib-1.1.4 \
      --with-default-path=/usr/bin:/opt/openssh/bin \
      --with-tcp-wrappers \
      --with-pam \
      --without-privsep-user \
      --without-privsep-path

    So, "--with-pam" was specified.

    I saw the thread "SSHD 3.7.1p2 on HP-UX" on the openssh-unix-dev list.
    Security issues aside, is it safe to presume that I should stay with
    3.6.1p1 until the HP-UX (Trusted) issues get worked out?
    Also, is it the PAM/HP-UX issues that are preventing public key
    authentication above 3.6.1p1?

    Thanks,
    Ted

    >>> Darren Tucker <dtucker@zip.com.au> 9/24/2003 3:00:51 PM >>>
    Ted Pardike wrote:
    >
    > Darren,
    >
    > Thank-you for the reply.
    >
    > By the way, I tried 3.7.1p2 yesterday, and things are just getting
    > worse (I think it may be a PAM issue).
    > Messages found in syslog:
    > sshd[985]: User tpardike not allowed because account is locked
    > sshd[985]: input_userauth_request: illegal user tpardike

    As it says in the release notes, UsePAM now defaults to "no", you
    probably
    need to put "UsePAM yes" into your sshd_config. Unfortunately, there
    is a
    problem with non-PAM authentication on Trusted Mode HP-UX, see:
    http://bugzilla.mindrot.org/show_bug.cgi?id=633

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
        Good judgement comes with experience. Unfortunately, the
    experience
    usually comes from bad judgement.
    

  • Next message: Darren Tucker: "Re: Public key Authentication broken under HP-UX?"

    Relevant Pages

    • Re: PAM and keyboard-interactive
      ... Emilio Casbas wrote: ... enable ChallengeResponseAuthentication and UsePAM in sshd_config. ... Darren Tucker ... Good judgement comes with experience. ...
      (SSH)
    • Re: OpenSSH (on Solaris) and forced p/w change
      ... > Darren Tucker ... > Good judgement comes with experience. ... Beata Jones ... UNIX Systems Consultant ...
      (comp.security.ssh)
    • Re: OpenSSH Password Aging/Expiration on UW2.1.3
      ... I need to install OpenSSH onto ... production boxes and am hesitate about loading experimental patches on these ... to which Darren Tucker replied with a link ... > Good judgement comes with experience. ...
      (comp.security.ssh)
    • Re: Public key Authentication broken under HP-UX?
      ... Ted Pardike wrote: ... As it says in the release notes, UsePAM now defaults to "no", you probably ... Darren Tucker (dtucker at zip.com.au) ... Good judgement comes with experience. ...
      (SSH)
    • Re: How to shutdown telnet, ftp and rsh on irix 6.5.9? THANKS
      ... Rodrick Brown, Richard E. Silverman, Darren Tucker, Nico ... that, try asking on one of the SGI groups, as this is an IRIX question ... not an ssh question. ... Good judgement comes with experience. ...
      (comp.security.ssh)