Re: Assistence with OpenSSH build/config on Red Hat 7.2
From: Brian (brianm_at_fsg1.nws.noaa.gov)
Date: 02/16/04
- Previous message: Brian: "Re: Assistence with OpenSSH build/config on Red Hat 7.2"
- In reply to: Darren Tucker: "Re: Assistence with OpenSSH build/config on Red Hat 7.2"
- Next in thread: Darren Tucker: "Re: Assistence with OpenSSH build/config on Red Hat 7.2"
- Reply: Darren Tucker: "Re: Assistence with OpenSSH build/config on Red Hat 7.2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 Feb 2004 16:10:16 -0500 To: Darren Tucker <dtucker@dodgy.net.au>
Darren Tucker wrote:
> In article <aPSdnTHxPawlBrPdRVn-jQ@adelphia.com>,
> Brian <brianm@fsg1.nws.noaa.gov> wrote:
>
>>Darren Tucker wrote:
>>
>>>Try: ./configure --with-pam --with-md5-passwords
>>>with "UsePAM yes", "ChallengeResponseAuthentication yes" and
>>>"PasswordAuthentication no" in sshd_config.
>>
>>Thanks for the tip. No luck though, do you have any other ideas?
>
>
> From the debugging in your original post:
> debug1: kbdint_alloc: devices ''
>
> This indicates that the PAM challenge-response context could not be
> initialized. This can happen if PAM is not enabled in the config
> (ie no "UsePAM yes") or if pam_start fails for some reason. I would
> guess that the original debugging was done without UsePAM=yes.
>
> I suggest you open a bug at bugzilla.mindrot.org and attach (note: do not
> paste into the text box) the output from sshd -ddd with the 3 options
> above in sshd_config. You may want to post the bug no. or a link to the
> bug here for the benefit of anyone following this thread.
>
THANK YOU! THANK YOU! THANK YOU!! :-)
It is working now and I'll give the details here to help anyone else who
may run into this problem.
I tried rebuilding 3.7.1p2 "one more time" before submitting to
Bugzilla. I used the following build options you suggested (plus
--with-tcp-wrappers) and make sequence:
./configure --with-pam --with-md5-passwords --with-tcp-wrappers \
--prefix=/usr/local/openssh
make clean
make -j3
make install
** Next comes the catch (I think)
Edited the resulting /usr/local/openssh/etc/sshd_config file as follows
per your original suggestions:
UsePAM yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
I think that is where I got it wrong last time. After doing the make
install, the installed sshd_config file was set as follows:
#ChallengeResponseAuthentication yes
#UsePAM yes
I thought I'd read somewhere that these commented setting are defaults,
so that you only need to uncomment them if you are going to change their
values. Wrong! (I guess. At least in my case.) Once I uncommented those
lines and restarted sshd, I was able to connect and use password
authentication. Thanks a bunch!!!
- - -
I also went one step further and compiled an older version of OpenSSH --
3.6.1p1 -- to see if I would have success with that version and I did! I
used the same build options:
./configure --with-pam --with-md5-passwords --with-tcp-wrappers \
--prefix=/usr/local/openssh
make clean
make -j3
make install
** For this one, the default, out of the box sshd_config worked fine and
allowed NIS users to ssh in from other hosts. FYI, here are what I think
are the similar settings from the older OpenSSH config file:
#PAMAuthenticationViaKbdInt no
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
I did not uncomment them because I actually expected it to fail and then
I was going to set them similar to the 3.7.1p2 settings and make sure it
worked. It worked as is, so I decided not to disturb the default config
file.
Thanks again for your suggestions!
Brian
- Previous message: Brian: "Re: Assistence with OpenSSH build/config on Red Hat 7.2"
- In reply to: Darren Tucker: "Re: Assistence with OpenSSH build/config on Red Hat 7.2"
- Next in thread: Darren Tucker: "Re: Assistence with OpenSSH build/config on Red Hat 7.2"
- Reply: Darren Tucker: "Re: Assistence with OpenSSH build/config on Red Hat 7.2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
