Re: Status of pam-1@ssh.com authentication in OpenSSH?

From: Neil W Rickert (rickert+nn_at_cs.niu.edu)
Date: 12/21/03 

Date: Sun, 21 Dec 2003 16:54:56 +0000 (UTC)

Eduardo Duenez <e_duenez@hotmail.com> writes:

>Like many others, I have run into the problem that OpenSSH doesn't seem
>to implement the pam-1@ssh.com authentication method. I did some
>Googling and found older messages from other users with the exact same
>problem as me. Succintly:

>*My (technology illiterate) employer implements a Pine mail service
>through SSH allowing *only* pam-1@ssh.com as the authentication method.

Maybe you need to persuade your employer to change.

>From the documentation that comes with the ssh.com product:

  2002-02-15 Sami J. Lehtinen <sjl@ssh.com>

        * PAM authentication no longer needs ssh-pam-client.

        * sshd2: added submethod "pam" to "keyboard-interactive". Prefer
          this over legacy "pam-1@ssh.com".

You are using a deprecated authentication method.

>debug1: Remote protocol version 2.0, remote software version 3.1.0 SSH
>Secure Shell (non-commercial)
>debug1: no match: 3.1.0 SSH Secure Shell (non-commercial)

Update the server software to a newer version. There are known
security weaknesses in that old version (3.1.0) that you are using.