From owner-freebsd-questions@FreeBSD.ORG Tue Jan 13 13:55:19 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB99616A4CE for ; Tue, 13 Jan 2004 13:55:19 -0800 (PST) Received: from ei.bzerk.org (ei.xs4all.nl [213.84.67.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4A75743D3F for ; Tue, 13 Jan 2004 13:55:11 -0800 (PST) (envelope-from mail25@bzerk.org) Received: from ei.bzerk.org (BOFH@localhost [127.0.0.1]) by ei.bzerk.org (8.12.10/8.12.10) with ESMTP id i0DLuso9064497; Tue, 13 Jan 2004 22:56:54 +0100 (CET) (envelope-from mail25@bzerk.org) Received: (from bulk@localhost) by ei.bzerk.org (8.12.10/8.12.10/Submit) id i0DLus2f064496; Tue, 13 Jan 2004 22:56:54 +0100 (CET) (envelope-from mail25@bzerk.org) X-Authentication-Warning: ei.bzerk.org: bulk set sender to mail25@bzerk.org using -f Date: Tue, 13 Jan 2004 22:56:54 +0100 From: Ruben de Groot To: Rishi Chopra Message-ID: <20040113215654.GA64436@ei.bzerk.org> References: <4003126E.5030107@cal.berkeley.edu> <20040113115550.GB23956@happy-idiot-talk.infracaninophile.co.uk> <20040113122853.GD57681@ei.bzerk.org> <40046367.3050305@cal.berkeley.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <40046367.3050305@cal.berkeley.edu> User-Agent: Mutt/1.4.1i cc: Ruben de Groot cc: questions@freebsd.org cc: Matthew Seaman Subject: Re: FreeBSD, SSH and "Enter Authentication Response" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Jan 2004 21:55:20 -0000 On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra typed: > I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh - > I'm running a default minimal installation of FreeBSD 5.2: > > etc/ssh/ssh_config: > > # Host * > # ForwardAgent no > # ForwardX11 no > # RhostsAuthentication no > # RhostsRSAAuthentication no > # RSAAuthentication yes > # PasswordAuthentication yes > # HostbasedAuthentication no As Matthew suggested, you can put the line ChallengeResponseAuthentication no in here. Then restart sshd good luck, Ruben > # BatchMode no > # CheckHostIP no > # StrictHostKeyChecking ask > # IdentityFile ~/.ssh/identity > # IdentityFile ~/.ssh/id_rsa > # IdentityFile ~/.ssh/id_dsa > # Port 22 > # Protocol 2,1 > # Cipher 3des > # Ciphers > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc > # EscapeChar ~ > # VersionAddendum FreeBSD-20030423 > > > /etc/pam.d/ssh > > # > # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $ > # > # PAM configuration for the "sshd" service > # > > # auth > auth required pam_nologin.so no_warn > auth sufficient pam_opie.so no_warn > no_fake_prompts > auth requisite pam_opieaccess.so no_warn allow_local > #auth sufficient pam_krb5.so no_warn > try_first_pass > #auth sufficient pam_ssh.so no_warn > try_first_pass > auth required pam_unix.so no_warn > try_first_pass > > # account > #account required pam_krb5.so > account required pam_login_access.so > account required pam_unix.so > > # session > #session optional pam_ssh.so > session required pam_permit.so > > # password > #password sufficient pam_krb5.so no_warn > try_first_pass > password required pam_unix.so no_warn > try_first_pass > > > Any ideas what I should change? > > -Rishi > > Ruben de Groot wrote: > > >On Tue, Jan 13, 2004 at 11:55:50AM +0000, Matthew Seaman typed: > > > > > >>On Mon, Jan 12, 2004 at 01:32:30PM -0800, Rishi Chopra wrote: > >> > >> > >>>I have a nitpicky question about logging into a FreeBSD machine and > >>>SSH. I'm using a minimal FreeBSD install and SSH Secure Shell client > >>>v3.2.0 - the crux of the problem is I am unable to "smoothly" login. > >>> > >>> > >>Which FreeBSD version? And are you running the OpenSSH server > >>supplied with the system or one from ports? > >> > >> > > > >Judging by name and version number, I think he's not running OpenSSH > >at all, but the other ssh implementation from ssh.org > > > > > > > >>>When I login to my machine, I'm prompted to enter an "authentication > >>>response". A window is displayed with "Enter Authentication Response" > >>>in the title bar, and two buttons at the bottom ('OK' and 'Cancel') - > >>>the text says: > >>> > >>> Enter your authentication response. > >>> Password: > >>> > >>> > >>Sounds like you've got the PAM based challenge-response authentication > >>enabled in your /etc/ssh/sshd_config (which is the default), but > >>your /etc/pam.conf (FreeBSD 4.x) or /etc/pam.d (FreeBSD 5.x) has a > >>modified configuration. > >> > >>Here are a couple of things to try -- > >> > >>Turn off Challenge-response authentication in /etc/ssh/sshd_config > >> > >>Change: > >> > >> #ChallengeResponseAuthentication yes > >> > >>to > >> > >> ChallengeResponseAuthentication no > >> > >>and then: > >> > >> # kill -HUP `cat /var/run/sshd.pid` > >> > >>to get it to reread the config. > >> > >>-- or -- > >> > >>Double check the PAM settings: they should look like this in /etc/pam.conf > >> > >> # OpenSSH with PAM support requires similar modules. The session one > >> is > >> # a bit strange, though... > >> sshd auth sufficient pam_skey.so > >> sshd auth sufficient pam_opie.so > >> no_fake_prompts > >> #sshd auth requisite pam_opieaccess.so > >> #sshd auth sufficient pam_kerberosIV.so > >> try_first_pass > >> #sshd auth sufficient pam_krb5.so > >> try_first_pass > >> sshd auth required pam_unix.so > >> try_first_pass > >> sshd account required pam_unix.so > >> sshd password required pam_permit.so > >> sshd session required pam_permit.so > >> > >>The /etc/pam.d case is similar, except you should have a file called > >>'sshd' in that directory, whose contents are similar, but without the > >>'sshd' entries in the first column. > >> > >> Cheers, > >> > >> Matthew > >> > >> > >>-- > >>Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks > >> Savill Way > >>PGP: http://www.infracaninophile.co.uk/pgpkey Marlow > >>Tel: +44 1628 476614 Bucks., SL7 1TH UK > >> > >> > > > > > > > > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"