Date: Mon, 10 Dec 2001 19:37:31 +0100 (CET)
From: "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>
To: "Arthur W. Neilson III" <art@pilikia.net>
Cc: freebsd-stable@freebsd.org
Subject: Re: Fwd: Re: SSHD problems on P4
Message-ID: <20011210192724.A11284-100000@klima.physik.uni-mainz.de>
In-Reply-To: <200112091835390730.16C6B93F@smtp>

On Sun, 9 Dec 2001, Arthur W. Neilson III wrote:

Hello.

The problem I described has been solved - and it is one of the most
unrevealed and undocumented "fact of interdependencies" in FreeBSD we have
to live with.

FreeBSD offers a lot of security mechanisms while a login process is active,
and sometimes a simple login turns into a very complex entity.
My fault has been triggered by the existence of /etc/login.access.
While cvsupdating, mergemastering and then restoring several relevant files
I accidentally installed an older version of login.access with some
restrictions - only local logins were granted.

I never figured out, since the use of FreeBSD 2.0 we use here at our
institute, how FreeBSD's login procedures take care of the existence of
several configuration files. There is auth.conf, login.conf, login.access,
pam.conf, skey.access - and all of them take an effect on how logins are
treated. login.conf seems to me and several other students and scientists
around here (and, of course, the administering staff) to be a suitable
configuration facility to arbitrate resources, logins and so on. But
/etc/login.access has also an effect and there is this obscure file
skey.access, which has an important influence while it exists.

It is complex, but this is FreeBSD and it is not a toolbox for children like
Wondooze ...

Well, the fault of mine was not to be aware of this relationship of several
login config files, and ssh/pam stopped working at an explicitly defined
point, not an error or bug - a feature!

Sorry for all the trouble, but I feel better to see that there are many guys
out here with a very high competence in administering FBSD.

Oliver

:>Mr. Hartman, just wanted to let you know I was able to resolve the problem I
:>had with sshd which looked exactly like your problem. sshd was denying me
:>access right after the pam step in the sshd debug output.
:>
:>Turned out the problem I had was because I had switched to ssh2 protocol
:>and therefore needed to use id_rsa as my identity file instead of identity.
:>I had to change these lines in my /etc/ssh/ssh_config from this
:>
:>IdentityFile ~/.ssh/identity
:># IdentityFile ~/.ssh/id_dsa
:># IdentityFile ~/.ssh/id_rsa
:># Port 22
:>Protocol 1,2
:>
:>to this
:>
:># IdentityFile ~/.ssh/identity
:># IdentityFile ~/.ssh/id_dsa
:>IdentityFile ~/.ssh/id_rsa
:># Port 22
:>Protocol 2,1
:>

--
Kind regards
O. Hartmann

ohartman@klima.physik.uni-mainz.de
------------------------------------------------------------------
IT-Administration des Institutes fuer Physik der Atmosphaere (IPA)
------------------------------------------------------------------
Johannes Gutenberg Universitaet Mainz
Becherweg 21
55099 Mainz

Tel: +496131/3924662 (machine room)
Tel: +496131/3924144 (office)
FAX: +496131/3923532

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
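
The failure described in the message above (an old /etc/login.access that only grants local logins, so a network login is refused right after the PAM step) can be reproduced offline with a small rule evaluator. This is an added example, not part of the original e-mail or of FreeBSD's code: it follows the first-match-wins semantics documented in login.access(5), omits group and netgroup matching, and the file contents, user name and host names are constructed, since the message does not show the actual file.

```python
# Simplified evaluator for FreeBSD login.access(5) rules (added example).
# Assumption: group-name and netgroup matching are intentionally omitted.

def _match_token(token, value, is_origin):
    if token == "ALL":
        return True
    if is_origin:
        if token == "LOCAL":          # LOCAL: any origin without a dot (e.g. a tty)
            return "." not in value
        if token.startswith("."):     # domain suffix, e.g. .example.org
            return value.lower().endswith(token.lower())
        if token.endswith("."):       # network prefix, e.g. 192.0.2.
            return value.startswith(token)
    return token.lower() == value.lower()

def _match_list(tokens, value, is_origin):
    # "A B EXCEPT C" matches when A or B matches and C does not.
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_match_list(tokens[:i], value, is_origin)
                and not _match_list(tokens[i + 1:], value, is_origin))
    return any(_match_token(t, value, is_origin) for t in tokens)

def login_allowed(rules_text, user, origin):
    """Return (allowed, deciding_rule). First matching rule wins; no match allows."""
    for raw in rules_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (_match_list(users.split(), user, False)
                and _match_list(origins.split(), origin, True)):
            return perm == "+", line
    return True, None

# Constructed sample: an old file that only grants local logins.
OLD_LOGIN_ACCESS = """\
# permission : users : origins
+:ALL:LOCAL
-:ALL:ALL
"""

if __name__ == "__main__":
    # Hypothetical user and origins: a console tty and a remote ssh client.
    for user, origin in [("oliver", "ttyv0"), ("oliver", "host.example.org")]:
        print(user, origin, login_allowed(OLD_LOGIN_ACCESS, user, origin))
```

Returning the deciding rule alongside the verdict shows which line of the file refused the login, which the sshd debug output in this thread did not make obvious.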