Date:      Tue, 13 Jan 2004 21:55:51 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Rishi Chopra <rchopra@cal.berkeley.edu>
Cc:        questions@freebsd.org
Subject:   Re: FreeBSD, SSH and "Enter Authentication Response"
Message-ID:  <20040113215551.GA69353@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <40046367.3050305@cal.berkeley.edu>
References:  <4003126E.5030107@cal.berkeley.edu> <20040113115550.GB23956@happy-idiot-talk.infracaninophile.co.uk> <20040113122853.GD57681@ei.bzerk.org> <40046367.3050305@cal.berkeley.edu>

On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra wrote:
> I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh -
> I'm running a default minimal installation of FreeBSD 5.2:
>
> etc/ssh/ssh_config:

Um... /etc/ssh/sshd_config is more to the point -- ssh_config is for
the client side, ssh*d*_config is for the server side.

However if you've just installed the system then chances are the
sshd_config is unmodified from the default settings.

Try turning off the challenge-response stuff as I suggested in my
earlier e-mail. ie. make it so that sshd_config contains:

    ChallengeResponseAuthentication no

> /etc/pam.d/ssh

That looks fine.

Hmmm... This does look like a peculiar interaction of your particular
SSH client software and the OpenSSH server code on FreeBSD.

Normally I'd suggest running the client side connection with debugging
turned up high, eg:

    % ssh -v -v -v host.example.com

but I don't know what the equivalent of that is for the client
software you're using.

A very good diagnostic test though is to run the server side with the
debugging turned up.  A good trick is to run it on an alternative port
so you can run it in parallel with your regular sshd. eg:

    # sshd -d -d -d -p 24

You can then connect to the alternate port by:

    % ssh -p 24 host.example.com

This will produce quite a lot of output, and exit after the ssh
session.  By comparing this output to the equivalent output from a
machine where you don't have the problem you should be able to tell
what the FreeBSD box is doing differently, and maybe work out how to
fix it.  Be aware that the full debug output from sshd should not be
published as it can contain privileged information.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
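
The log comparison described in the message above, as an added example that is not part of the original e-mail: a small sh helper that masks addresses, ports, user names and key fingerprints in saved `sshd -d -d -d` output and then diffs the logs from two hosts. The function names and sample log lines are constructed for illustration, and the masking rules cover only the fields shown, so masked output still needs a read-through before it is shared.

```shell
#!/bin/sh
# Added example: normalize saved sshd debug logs so two hosts can be compared.

# Mask values that identify hosts/people or change on every connection.
normalize_sshd_debug() {
    sed -E \
        -e 's/[0-9]{1,3}(\.[0-9]{1,3}){3}/<ip>/g' \
        -e 's/port [0-9]+/port <port>/g' \
        -e 's#(SHA256|MD5):[A-Za-z0-9+/:=]+#<fingerprint>#g' \
        -e 's/user [^ ]+/user <user>/g' \
        -e 's/ for [^ ]+ from / for <user> from /g'
}

# Diff two saved logs after masking; exit status is diff's (0 = identical).
compare_sshd_debug() {
    tmp_a=$(mktemp) || return 2
    tmp_b=$(mktemp) || { rm -f "$tmp_a"; return 2; }
    normalize_sshd_debug < "$1" > "$tmp_a"
    normalize_sshd_debug < "$2" > "$tmp_b"
    rc=0; diff "$tmp_a" "$tmp_b" || rc=$?
    rm -f "$tmp_a" "$tmp_b"
    return "$rc"
}

# Constructed sample lines (illustrative, not captured from a real server).
sample_working_host() {
    cat <<'EOF'
Connection from 192.0.2.10 port 51234 on 192.0.2.1 port 24
debug1: userauth-request for user alice service ssh-connection method password
Accepted password for alice from 192.0.2.10 port 51234 ssh2
EOF
}
sample_problem_host() {
    cat <<'EOF'
Connection from 198.51.100.7 port 40022 on 198.51.100.1 port 24
debug1: userauth-request for user bob service ssh-connection method keyboard-interactive
Accepted keyboard-interactive/pam for bob from 198.51.100.7 port 40022 ssh2
EOF
}

# Demo: only the authentication-method lines should survive the diff.
demo() {
    w=$(mktemp) && p=$(mktemp) || return 2
    sample_working_host > "$w"; sample_problem_host > "$p"
    rc=0; compare_sshd_debug "$w" "$p" || rc=$?
    rm -f "$w" "$p"; return "$rc"
}
demo || true
```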
