OpenSSH_4.1p1 hangs on exit using PAM/ChallengeResponse

From: Dustin Hoff (dustin+ssh_at_dustinhoff.com)
Date: 08/01/05

  • Next message: Kai Howells: "Re: Effective bandwidth reduction over WAN" 
    Date: Mon, 1 Aug 2005 17:29:47 -0400
To: secureshell@securityfocus.com

    Hello,
    I am having some problems with 4.1p1 on Solaris 2.6-8 using the RSA
    PAM module (v5.3.2) for SecurID authentication. The initial login
    works fine, but the session hangs when I exit and it doesn't close
    until I kill the sshd on the server or close it with ~.. And no,
    I'm not running anything in the background.

    I have the following in /etc/pam.conf:
    sshd auth required pam_securid.so

    And the following relevant options in sshd_config:
    UsePAM yes
    UsePrivilegeSeparation no
    ChallengeResponseAuthentication yes
    PasswordAuthentication no

    This doesn't seem to be a general PAM problem because I don't have
    the problem if I configure sshd to use pam_unix_auth.so.1 instead
    of pam_securid.so. It also works if I disable ChallengeResponseAuth
    and enable PasswordAuth (though it still uses the SecurID and not
    the UNIX password), but the ChallengeResponse mode is much more
    useful because it asks for the PASSCODE or PASSWORD depending on
    specific RSA settings.

    I also tried 3.9p1 just for kicks, but it had the same behavior.

    Is this one of the "known" problems that the FAQ alludes to? Or
    am I missing something trivial?

    Thanks for any suggestions.

    Dustin

  • Next message: Kai Howells: "Re: Effective bandwidth reduction over WAN"