From owner-freebsd-questions@FreeBSD.ORG  Tue Oct 19 16:27:24 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 20F6B16A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 19 Oct 2004 16:27:24 +0000 (GMT)
Received: from brightstar.bomgardner.net (brightstar.bomgardner.net
	[209.240.79.79])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8AAF843D48
	for <freebsd-questions@freebsd.org>;
	Tue, 19 Oct 2004 16:27:23 +0000 (GMT)
	(envelope-from listmail@Bomgardner.net)
Received: from [192.168.0.2] (morningstar [192.168.0.2])
	i9JGRmuA008582	for <freebsd-questions@freebsd.org>;
	Tue, 19 Oct 2004 11:27:49 -0500 (CDT)
	(envelope-from listmail@Bomgardner.net)
Message-ID: <41754057.80004@Bomgardner.net>
Date: Tue, 19 Oct 2004 11:27:03 -0500
From: listmail <listmail@Bomgardner.net>
User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: ssh refuses to use opie
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Oct 2004 16:27:24 -0000

Hi to all:

I'm using 5.2.1. My logs show attempts to break into my system via ssh, 
telnet, and ftp (I use strong passwords, thankfully) and so I'm 
tightening security. I have run into a problem, however - I've set 
things up so only two accounts can connect via ssh (telnet disabled 
outside the local net) and I've started using opie. However, ssh will 
not recognize and use opie. Local telnet does, as does ftpd, but not sshd.

 From /etc/sshd_config:
-----------------------------------------

AuthorizedKeysFile      .ssh/authorized_keys  (Not sure how this got 
uncommented)
AllowGroups grp1
PasswordAuthentication no
ChallengeResponseAuthentication yes

Subsystem   sftp  /usr/libexec/sftp-server
 

...... All other items commented out
=========================================

 From /etc/pam.d/sshd:
--------------------------------------------------

# auth

auth        required    pam_nologin.so          no_warn
auth        sufficient  pam_opie.so       no_warn no_fake_prompts
auth        requisite   pam_opieaccess.so no_warn allow_local
 

# account
account           required    pam_login_access.so
account           required    pam_unix.so

# session
session           required    pam_permit.so

# password
#password   sufficient  pam_krb5.so       no_warn try_first_pass
#password   required    pam_unix.so       no_warn try_first_pass

=======================================

If I read the handbook on SSH and the paper on PAM correctly, this 
should be working.
Anyone have any idea why it might not be?

thanx
Gene