Re: openssh + pam problem

From: Patrick Clohessy (auron_at_westnet.com.au)
Date: 10/02/03

    To: Richard.Hopkins@bristol.ac.uk, secureshell@securityfocus.com
    Date: Thu, 2 Oct 2003 09:05:48 +0800
    
    

    I have 1000+ users and I can't get them all to set the auth type to
    keyboard interactive mode :(

    At the moment, I'm still using 3.6.1 (with patches) because the
    service needs to be up.

    Is there a tool to check if my servers are indeed patched yet? I
    don't want the exploit, I'm just after a tool to check for it. I've
    tried nessus but that just checks version number.

    ---- Original Message ----
    From: Richard.Hopkins@bristol.ac.uk
    To: auron@westnet.com.au, secureshell@securityfocus.com
    Subject: Re: openssh + pam problem
    Date: Wed, 01 Oct 2003 09:23:36 +0100

    >
    >Using the Windows client from ssh.com, I've found that I can login to any
    >of my servers by setting the authentication method to always be "Profile
    >Settings". My profile settings (File/Profiles/Edit profiles/Quick
    >connect/Authentication) are set to be keyboard interactive then password
    >then public key. The password prompt I get (when I get one) differs
    >depending on the server (whether it's pam enabled or not), but at least I
    >don't have to mess with the authentication method at all any more.
    >
    >Cheers,
    >
    >Richard
    >
    >--On Tuesday, September 30, 2003 6:30 PM +0800 Patrick Clohessy
    ><auron@westnet.com.au> wrote:
    >
    >> Hi All
    >>
    >> I'm still having some troubles with openssh3.7.1.p2 and using pam for
    >> authentication.
    >>
    >> I can't logon to my ssh server from any Windows client unless I set
    >> the auth type to keyboard interactive mode or unless it is a local
    >> account and not one on the ldap server.
    >>
    >> I can log in through openssh clients using ssh -t which shows they
    >> use keyboard-interactive mode.
    >>
    >> I have compiled openssh as follows :
    >>
    >> configure --with-pam
    >> make
    >> make install
    >>
    >> I have never had this problem with openssh3.6.1. Reverting back to
    >> openssh3.6.1 doesn't show anything about keyboard-interactive mode in
    >> the logs.
    >>
    >> logs :
    >>
    >> A successful login shows (using an openssh client)
    >>
    >> debug1: userauth-request for user username service ssh-connection method keyboard-interactive
    >> debug1: attempt 1 failures 1
    >> debug1: keyboard-interactive devs
    >> debug1: auth2_challenge: user=username devs=
    >> debug1: kbdint_alloc: devices 'pam'
    >> debug1: auth2_challenge_start: trying authentication method 'pam'
    >> Postponed keyboard-interactive for username from ip port 39757 ssh2
    >> Postponed keyboard-interactive/pam for username from ip port 39757 ssh2
    >> Accepted keyboard-interactive/pam for username from ip port 39757 ssh2
    >>
    >> An unsuccessful login shows (using Secure CRT)
    >>
    >> debug1: userauth-request for user username service ssh-connection method password
    >> debug1: attempt 1 failures 1
    >> Failed password for username from ip port 3501 ssh2
    >> Failed password for username from ip port 3501 ssh2
    >>
    >> Does anyone have any suggestions on fixing this?
    >>
    >> Thanks
    >>
    >> --
    >> Patrick Clohessy
    >>
    >>
    >>
    >
    >
    >
    >Richard Hopkins,
    >Information Services,
    >Computer Centre,
    >University of Bristol,
    >Bristol, BS8 1UD, UK
    >
    >Tel +44 117 928 7859
    >Fax +44 117 929 1576
    >
    >
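
With 1000+ users, the sshd log itself can show which clients still send the `password` method and never get in, using the "Failed password" and "Accepted keyboard-interactive/pam" lines quoted above. This is an added example, not part of the original messages; the user names, addresses and the function names `summarize` and `password_only_failures` are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the sshd result lines quoted in the thread, e.g.
#   Failed password for alice from 192.0.2.10 port 3501 ssh2
#   Accepted keyboard-interactive/pam for bob from 192.0.2.20 port 39757 ssh2
# "Postponed ..." lines and lines in any other shape are ignored.
RESULT = re.compile(
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2"
)

# Constructed sample log (documentation addresses, made-up users).
SAMPLE_LOG = """\
sshd[2101]: Failed password for alice from 192.0.2.10 port 3501 ssh2
sshd[2101]: Failed password for alice from 192.0.2.10 port 3501 ssh2
sshd[2107]: Postponed keyboard-interactive/pam for bob from 192.0.2.20 port 39757 ssh2
sshd[2107]: Accepted keyboard-interactive/pam for bob from 192.0.2.20 port 39757 ssh2
sshd[2113]: Failed password for carol from 192.0.2.30 port 4410 ssh2
sshd[2113]: Accepted keyboard-interactive/pam for carol from 192.0.2.30 port 4411 ssh2
""".splitlines()


def summarize(lines):
    """Count Accepted/Failed results per (user, ip), broken down by method."""
    stats = defaultdict(lambda: defaultdict(lambda: {"Accepted": 0, "Failed": 0}))
    for line in lines:
        m = RESULT.search(line)
        if m:
            stats[(m["user"], m["ip"])][m["method"]][m["result"]] += 1
    return stats


def password_only_failures(stats):
    """Return (user, ip) pairs that failed 'password' and were never accepted.

    On a server behaving as described in the thread, these are the clients
    most likely still configured for plain password authentication.
    """
    flagged = []
    for key, methods in stats.items():
        accepted = sum(counts["Accepted"] for counts in methods.values())
        if accepted == 0 and methods.get("password", {}).get("Failed", 0) > 0:
            flagged.append(key)
    return sorted(flagged)


if __name__ == "__main__":
    for user, ip in password_only_failures(summarize(SAMPLE_LOG)):
        print(f"{user} from {ip}: password method failing, no successful login")
```

A source that fails `password` and then succeeds with keyboard-interactive (carol in the sample) is not flagged, since that client already falls back on its own.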

