Re: OpenSSH 3.7.1p1 & PAM authentication on Solaris 8

From: Scott Packard (Scott.Packard_at_jpl.nasa.gov)
Date: 01/23/04

    Date: Thu, 22 Jan 2004 16:55:08 -0800
    
    

    On Mon, 19 Jan 2004 08:28:48 -0800, Aaron Sheard wrote:

    I'm having a similar problem, with the binary from www.sunfreeware.com.
    openssh-3.7.1p2
    openafs-1.2.11

    I have UsePAM set to yes.
    I have entries in Solaris 8's /etc/pam.conf file that will allow
    afs to authenticate with the same passwd (try_first_pass) that was
    used to log in.
    Darned box won't grab a token if I ssh in, but will grab a token
    if I use CDE to log in locally (aka dtsession and dtlogin).
    I turned up the messages that would be logged, so if anything
    was available to help troubleshoot this then I'd see it,
    but I don't see anything of value.

    ssh remotely coming in:
    Jan 22 16:02:39 fur sshd[3002]: [ID 800047 auth.info] Server listening on :: port 22.
    Jan 22 16:02:39 fur sshd[3002]: [ID 800047 auth.info] Server listening on 0.0.0.0 port 22.
    Jan 22 16:02:50 fur sshd[3005]: [ID 800047 auth.info] Accepted password for packard from 137.79.12.66 port 44280 ssh2

    pam_afs is an extremely quiet module if things are going well.
    I can tell that it won't grab an afs token though, meaning it won't
    fall through /etc/pam.conf far enough to invoke the pam_afs module.

    Here's a snippet of /etc/pam.conf:

    login auth requisite pam_authtok_get.so.1
    login auth required pam_dhkeys.so.1
    login auth required pam_unix_auth.so.1
    login auth required pam_dial_auth.so.1
    login auth sufficient /usr/lib/security/pam_afs.so try_first_pass ignore_root
    #
    sshd auth requisite pam_authtok_get.so.1
    sshd auth required pam_dhkeys.so.1
    sshd auth required pam_unix_auth.so.1
    sshd auth sufficient /usr/lib/security/pam_afs.so try_first_pass ignore_root

    Changing the name of sshd to ssh in the pam.conf file doesn't matter at
    all.

    Any ideas?

    Regards, Scott
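
Added example, not part of the original post: one way to check a Solaris-style /etc/pam.conf like the snippet above, by parsing each service's auth stack, reporting lines that are not valid entries, and listing the modules that differ between the login and sshd stacks. The function names are hypothetical, and SAMPLE is a constructed copy of the snippet in which the sshd pam_afs options are wrapped onto a second line to exercise the malformed-line check.

```python
# Added example: parse a Solaris-style /etc/pam.conf and compare service stacks.
# SAMPLE is constructed from the snippet in the post; the sshd pam_afs options
# are deliberately wrapped onto their own line to exercise the malformed check.
SAMPLE = """\
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login auth sufficient /usr/lib/security/pam_afs.so try_first_pass ignore_root
#
sshd auth requisite pam_authtok_get.so.1
sshd auth required pam_dhkeys.so.1
sshd auth required pam_unix_auth.so.1
sshd auth sufficient /usr/lib/security/pam_afs.so try_first_pass
ignore_root
"""

CONTROL_FLAGS = {"requisite", "required", "sufficient", "optional"}

def parse_pam_conf(text):
    """Return (stacks, malformed): stacks maps (service, type) to an ordered
    list of (flag, module, options); malformed lists (lineno, text) entries."""
    stacks, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        # A valid entry is: service type control_flag module_path [options...]
        if len(fields) < 4 or fields[2] not in CONTROL_FLAGS:
            malformed.append((lineno, line))
            continue
        service, mtype, flag, module = fields[:4]
        stacks.setdefault((service, mtype), []).append((flag, module, fields[4:]))
    return stacks, malformed

def stack_diff(stacks, a, b, mtype="auth"):
    """Modules in service a's stack missing from b's, and the reverse."""
    mods = {s: [m for _, m, _ in stacks.get((s, mtype), [])] for s in (a, b)}
    return ([m for m in mods[a] if m not in mods[b]],
            [m for m in mods[b] if m not in mods[a]])

if __name__ == "__main__":
    stacks, bad = parse_pam_conf(SAMPLE)
    print("malformed lines:", bad)
    print("login-only / sshd-only modules:", stack_diff(stacks, "login", "sshd"))
```

On the sample, the only module difference is pam_dial_auth.so.1 (login only), and the orphaned option line is reported instead of being silently attached to the pam_afs entry.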

