Re: openssh + pam problem

• Previous message: Mak, Andrew: "RE: 30GB file transfers using scp"
• Maybe in reply to: Richard Hopkins: "Re: openssh + pam problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Richard.Hopkins@bristol.ac.uk, secureshell@securityfocus.com
Date: Thu, 2 Oct 2003 09:05:48 +0800

I have 1000+ users and I can't get them all to set the auth type to
keyboard interactive mode :(

At the moment, I'm still using 3.6.1 (with patches) because the
service needs to up.

Is there a tool to check if my servers are indeed patched yet? I
don't want the exploit, I'm just after a tool to check for it. I've
tried nessus but that just checks version number.

---- Original Message ----
From: Richard.Hopkins@bristol.ac.uk
To: auron@westnet.com.au, secureshell@securityfocus.com
Subject: Re: openssh + pam problem
Date: Wed, 01 Oct 2003 09:23:36 +0100

>
>Using the Windows client from ssh.com, I've found that I can login
>to any
>of my servers by setting the authentication method to always be
>"Profile
>Settings". My profile settings (File/Profiles/Edit profiles/Quick
>connect/Authentication) are set to be keyboard interactive then
>password
>then public key. The password prompt I get (when I get one) differs
>depending on the server (whether it's pam enabled or not), but at
>least I
>don't have to mess with the authentication method at all any more.
>
>Cheers,
>
>Richard
>
>--On Tuesday, September 30, 2003 6:30 PM +0800 Patrick Clohessy
><auron@westnet.com.au> wrote:
>
>> Hi All
>>
>> I'm still having some troubles with openssh3.7.1.p2 and using pam
>for
>> authentication.
>>
>> I can't logon to my ssh server from any Windows client unless I set
>> the auth type to keyboard interactive mode or unless it is a local
>> account and not one on the ldap server.
>>
>> I can log in through openssh clients using ssh -t which shows they
>> use keyboard-interactive mode.
>>
>> I have compiled opensh as follows :
>>
>> configure --with-pam
>> make
>> make install
>>
>> I have never had this problem with openssh3.6.1. Reverting back to
>> open3.6.1 doesn't show anything about keyboard-interactive mode in
>> the logs.
>>
>> logs :
>>
>> A success login shows (using an openssh client)
>>
>> debug1: userauth-request for user username service ssh-connection
>> method keyboard-interactive
>> debug1: attempt 1 failures 1
>> debug1: keyboard-interactive devs
>> debug1: auth2_challenge: user=username devs=
>> debug1: kbdint_alloc: devices 'pam'
>> debug1: auth2_challenge_start: trying authentication method 'pam'
>> Postponed keyboard-interactive for username from ip port 39757 ssh2
>> Postponed keyboard-interactive/pam for username from ip port 39757
>> ssh2
>> Accepted keyboard-interactive/pam for username from ip port 39757
>ssh2
>>
>> An unsuccessful login shows (using Secure CRT)
>>
>> debug1: userauth-request for user username service ssh-connection
>> method password
>> debug1: attempt 1 failures 1
>> Failed password for username from ip port 3501 ssh2
>> Failed password for username from ip port 3501 ssh2
>>
>> Does anyone have any suggestions on fixing this?
>>
>> Thanks
>>
>> --
>> Patrick Clohessy
>>
>>
>>
>
>
>
>Richard Hopkins,
>Information Services,
>Computer Centre,
>University of Bristol,
>Bristol, BS8 1UD, UK
>
>Tel +44 117 928 7859
>Fax +44 117 929 1576
>
>

• Previous message: Mak, Andrew: "RE: 30GB file transfers using scp"
• Maybe in reply to: Richard Hopkins: "Re: openssh + pam problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]