Re: Password auth turned off in OpenSSH

From: C. Linus Hicks (lhicks_at_nc.rr.com)
Date: 10/12/04

  • Next message: Jimmy Pace: "OPENSSH" 
    To: Darren Tucker <dtucker@zip.com.au>
Date: 12 Oct 2004 01:43:38 -0400

    On Mon, 2004-10-11 at 20:48, Darren Tucker wrote:
    > C. Linus Hicks wrote:

    > In auth2.c, input_userauth_request() does a lookup of the authmethod
    > before actually attempting the authentication.
    >
    > /* try to authenticate user */
    > m = authmethod_lookup(method);
    > if (m != NULL) {
    > debug2("input_userauth_request: try method %s", method);
    > authenticated =>m->userauth(authctxt);
    > }
    >
    > and authmethod_lookup checks the "disabled" flag (this is what
    > "PasswordAuthentication no" sets) before returning the method. If you
    > have the password method disabled, the authentication will not be tested
    > by the server and the userauth request from the client will just fail.
    >
    > You can confirm this by turning up the debug level on sshd. You'll get
    > a "Unrecognized authentication method name: password" from
    > authmethod_lookup and you won't see the "try method" messages for these
    > requests.

    Okay, thanks for the comprehensive explanation. I have set logging level
    to debug3, restarted sshd, and re-opened the port in my firewall. I will
    have to wait a while and see what turns up in my logs. 

    -- 
C. Linus Hicks <lhicks@nc.rr.com>
  • Next message: Jimmy Pace: "OPENSSH"