Re: Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?

From: Peter Gutmann (pgut001_at_cs.auckland.ac.nz)
Date: 08/11/05

• Next message: Mark Edwards: "Zero administration sshd on windows?"
• Previous message: Richard E. Silverman: "Re: ssh passwordless"
• In reply to: h.wulff: "Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?"
• Next in thread: Richard E. Silverman: "Re: Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?"
• Reply: Richard E. Silverman: "Re: Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?"
• Reply: h.wulff: "Re: Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 11 Aug 2005 12:01:27 GMT

h.wulff <zuhause@aol.com> writes:

>AFAIK the "PasswordAuthentication yes" enables cleartext passwords. But
>what happends to the passwd if AllowedAuthentication is password and
>PasswordAuthentication is no?

>I'm asking because I have to enable PasswordAuthentication to let an
>older version of cryptlib work. And this raises the question where the
>difference is...

This is with OpenSSH 3.8 or 3.9, right? The problem is that SSH has two types
of password authentication which are exactly the same only different, password
authentication, and password authentication with PAM. When you connect to
OpenSSH 3.8 or 3.9 and ask for "password" authentication, it thinks you want
password authentication rather than password authentication, and disconnects
saying you need to use password authentication. If you disable password
authentication then it falls back to password authentication, and everything
is OK (as I said, the two are exactly the same, only different).

Why are you still using an old version of cryptlib? Apart from sundry other
updates, the newer versions also detect the problematic OpenSSH versions and
fudge the authentication type they're using, so they'll use password
authentication instead of password authentication and everything will work.

Peter.

---

• Next message: Mark Edwards: "Zero administration sshd on windows?"
• Previous message: Richard E. Silverman: "Re: ssh passwordless"
• In reply to: h.wulff: "Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?"
• Next in thread: Richard E. Silverman: "Re: Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?"
• Reply: Richard E. Silverman: "Re: Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?"
• Reply: h.wulff: "Re: Difference between "PasswordAuthentication yes" and "AllowedAuthentication password" ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages configuring pam for openssh ... openssh to use one-time passwords via libpam-opie. ... keyboard-interactive method seems to work with opie, ... fall back normal password authentication. ... flawed;-) understanding was that openssh only uses the pam auth ... (SSH) Re: OpenSSH and md5 ... If the problem is that password authentication doesn't work, ... - OpenSSH is compiled to use PAM, but you haven't configured PAM for SSH ... MD5 passwords ... (comp.security.ssh) Re: Password authentication fails ... > password authentication with Secure Shell, ... *PICK* one, either OpenSSH or Secure Shell, if possible. ... RedHat has a chance to really test in newer OpenSSH releases. ... (comp.security.ssh)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)