Re: Password-Authentification with openssh-3.1p1 fails
From: Chip (chip@cseraphine.com)Date: 03/14/02
- Next message: Bill Unruh: "Re: new SSH vulnerability?"
- Previous message: Nico Kadel-Garcia: "Re: Trouble with scp (newbie)"
- In reply to: Andreas Muck: "Re: Password-Authentification with openssh-3.1p1 fails"
- Next in thread: Andreas Muck: "Re: Password-Authentification with openssh-3.1p1 fails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: chip@cseraphine.com (Chip) Date: 13 Mar 2002 16:09:08 -0800
No real insight to offer, other than to say I am getting the same
issue on a RedHat 7.1 box being upgraded from 2.9p2 via the "official"
3.1 RPMs.
All user accounts are bounced with keys, and PAM seems convinced that
the passwords are always wrong (although, strangely, for root it says
that the account is expired). FTP and telnet are fine.
I backed out the 3.1 install to 2.9.2 and still got the same behavior
(!), which suggests it is in some odd configuration issue in the
interface between sshd and pine.
Anybody know what gives here?
fam.muck@telda.net (Andreas Muck) wrote in message news:<b408a2b3.0203120108.b3e674@posting.google.com>...
> Hallo Steven,
>
> steven@cwjamaica.com (Steven Conway) wrote:
>
> > Had that prob too on RH6.2 .. configure with --with-pam option and
> > create a sshd file in /etc/pam.d/ (Red Hat that is) Read the INSTALL
> > File it really explains what you need to do ...
>
> well, I thought I give as much debugging information as possible. But
> it seems that some fancy details are overseen in the huge amount of
> information:
>
> > Andreas Muck <fam.muck@telda.net> wrote:
> > > I compiled openssh-3.1p1 as follows (included in the src.rpm):
> > >
> > > ./configure \
> > > --mandir=%{_mandir} \
> > > --prefix=%{prefix} \
> > > --infodir=%{_infodir} \
> > > --sysconfdir=/etc/ssh \
> > > --libexecdir=%{prefix}/lib/ssh \
> > > --with-tcp-wrappers \
> > > --with-pam
> > > make
>
> and, of course:
>
> > > Here is my /etc/pam.d/sshd:
> > >
> > > #%PAM-1.0
> > > auth required /lib/security/pam_unix.so debug # \
> > > set_secrpc
> > > auth required /lib/security/pam_nologin.so
> > > auth required /lib/security/pam_env.so
> > > account required /lib/security/pam_unix.so
> > > password required /lib/security/pam_pwcheck.so md5 \
> > > use_cracklib
> > > password required /lib/security/pam_unix.so md5 \
> > > use_first_pass use_authtok
> > > session required /lib/security/pam_unix.so none # \
> > > trace or debug
> > > session required /lib/security/pam_limits.so
> > >
> > > This /etc/pam.d/sshd works fine with openssh-2.9.9p2 (SuSE-package).
>
> You can see that sshd is calling PAM:
>
> > > Here is server-output in debug-mode:
> [lots of output snipped]
> > > debug1: userauth-request for user andreas service ssh-connection
> > > method password
> > > debug1: attempt 4 failures 4
> > > debug1: PAM Password authentication for "andreas" failed[7]:
> > > Authentication failure
> > > Failed password for andreas from 127.0.0.1 port 1053 ssh2
>
> But PAM recognizes a wrong password:
>
> > > That is the part of /var/log/messages generated by PAM:
> > >
> > > Mar 9 20:14:55 home PAM-unix2[1045]: pam_sm_authenticate() called
> > > Mar 9 20:14:55 home PAM-unix2[1045]: username=[andreas]
> > > Mar 9 20:14:55 home PAM-unix2[1045]: wrong password, return \
> > > PAM_AUTH_ERR
>
> But you can be sure that I use the correct password! Something strange
> happens here.
>
> Meanwhile I wrote a bug report to the openssh-maintainers but up till
> now I've got no answer.
>
> Thanks & much greetings!
>
> Ciao
> Andreas
- Next message: Bill Unruh: "Re: new SSH vulnerability?"
- Previous message: Nico Kadel-Garcia: "Re: Trouble with scp (newbie)"
- In reply to: Andreas Muck: "Re: Password-Authentification with openssh-3.1p1 fails"
- Next in thread: Andreas Muck: "Re: Password-Authentification with openssh-3.1p1 fails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
