From nobody Mon Jan 29 18:30:52 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TNxhC3xycz599sG for ; Mon, 29 Jan 2024 18:31:07 +0000 (UTC) (envelope-from walterp@gmail.com) Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TNxhB19F5z56cj for ; Mon, 29 Jan 2024 18:31:06 +0000 (UTC) (envelope-from walterp@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-yb1-xb31.google.com with SMTP id 3f1490d57ef6-dc261316b0dso2575079276.3 for ; Mon, 29 Jan 2024 10:31:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706553064; x=1707157864; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=vMT+If5oCKfxHHIBig5O2QyRS3bwjjMNaVhWgVm7k3Q=; b=PLFQgMOOo7MqAJc+8kL9C/PcJSp+b2ZmdSGinZOUM8eOVtnYvAQtSOJIhHkkSwA7iw eRXf1G1K91UWPVBHhTMi6jamdZ/Jn7zbMiSFxe1gwxuBSN9s7w2otpApGSN+yDk3YqF8 x8QsumwPX4ZKhvnP011xybeuAJUA89sOLMGEHUcJLOORJ9XFoUZLt/WnTQXpf+iMFHLN UTumFnWPAD6iiVgKqZa+yEIRfUn2hobvhsdqsU27AONLcpPLtysxzs9AK/65zghk4mqP LtXuFytHl45uxYXougZm4aI78/Gx0FQnn7sx9fHMa2foN1lDJntc+nK+pnJZOMHvlWNq rg3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706553064; x=1707157864; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vMT+If5oCKfxHHIBig5O2QyRS3bwjjMNaVhWgVm7k3Q=; b=lk45F7zygzYaaNRhQQHbRtZA2t9+gaBPvRfWiPDkWSITqKl0ny1HLk8w0G5SzMVOrR uKDWxjQ4fNKfD8Uc3R7N+GT8cXyeCmq4oP4rhEb6m1wDfCyo9N6xzvgM6jzinz/TvSNT gtIHyn6tlDLSV3/FDWQnP+D0tF21gfHmBP7YzAHj/QcUFOWn7/vS+f8AlAyr04Y4tuxu CCMUHEKlmkEfc8X6BnmZ8OMDBiGctesHQujdIk0PgtOdsLy5OlYezNYrtEW+nuNPxeiW CkQX86AX32krCrAbFJtVXI/uTIiph4DTcLqTWzK10ax+mogHpYPxx8yBqmoUIuJvQ4Th q05Q== X-Gm-Message-State: AOJu0YyomASb51e2UGrWV1vdqpIRsBU6/Iw8U0ao9486zb6IxZklWlEv Vmv9Z/hy8q48fjJYNhQExRnQURvzUgWjRwzYDX1PmYbgW6asEyuv6HuaVirTNBRUE7N2QK5rJZw 0rsP3ZAPfrJRHRJ9RKpoWoSYB2nz6GQSK X-Google-Smtp-Source: AGHT+IG6KKwwjfvTHjLJfPT3oRBBbgu77qTweCRLAXzAEL1LvEK8Ebqxz9QGhD5n5Lhd4b/a1CZzuUdJTCMW4gztQcc= X-Received: by 2002:a25:6941:0:b0:dc2:20c8:66a4 with SMTP id e62-20020a256941000000b00dc220c866a4mr3695283ybc.123.1706553063814; Mon, 29 Jan 2024 10:31:03 -0800 (PST) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References: <20240129125745.fuh6nnc4dooto2oz@yosemite.mars.lan> <20240129134722.fbwrvamdf2wx4vik@yosemite.mars.lan> <4f60fad9-c5b1-46ea-bfbf-7e654bd5d3d1@FreeBSD.org> <20240129155758.2nnyjihsyiyxztib@yosemite.mars.lan> In-Reply-To: <20240129155758.2nnyjihsyiyxztib@yosemite.mars.lan> From: Walter Parker Date: Mon, 29 Jan 2024 10:30:52 -0800 Message-ID: Subject: Re: Enabling SSHD To: paulf@quillandmouse.com Cc: freebsd-questions@freebsd.org Content-Type: multipart/alternative; boundary="00000000000028ba13061019d96d" X-Rspamd-Queue-Id: 4TNxhB19F5z56cj X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] --00000000000028ba13061019d96d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable For a permission denied error, check to see if the files have the correct permission (home dir, -/.ssh, other files as used). Also check your client to make sure it has the proper permissions. The other way to find errors is to start sshd (from the command line) with -d and/or -v flags and then try to connect using your ssh client. The sshd server will out logging as to what the errors are. It may tell you what is causing the permission denied error. Walter The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandei= s On Mon, Jan 29, 2024 at 7:58=E2=80=AFAM Paul M Foster wrote: > On Mon, Jan 29, 2024 at 02:15:19PM +0000, Matthew Seaman wrote: > > [snip] > > > how to configure it. If you want password based auth for sshd, then go > > ahead and edit /etc/ssh/sshd_config and/or /etc/pam.d entries, as > > appropriate. > > Assuming I want to login as any user on the system, hacking pam shouldn't > be necessary, right? > > I've made the following changes to the stock /etc/ssh/sshd_config: > > PubkeyAuthentication no > PermitRootLogin yes > PasswordAuthentication yes > > And of course, restarted the daemon each time I made a change. However, > when I try to ssh in in the following ways: > > ssh paulf@buckaroo > ssh root@buckaroo > ssh buckaroo > ssh 192.168.254.30 > > I get a flat "Permission denied (password,keyboard-interactive)". Not eve= n > an attempt to ask for a password. > > Clearly something's wrong, but I have no idea what. And I have googled th= e > problem and visitied numerous sites to no avail. > > Paul > > -- > Paul M. Foster > Personal Blog: http://noferblatz.com > Company Site: http://quillandmouse.com > Software Projects: https://gitlab.com/paulmfoster > > --00000000000028ba13061019d96d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
For a permission denied error, check to see if the files = have the correct permission (home dir, -/.ssh, other files as used). Also c= heck your client to make sure it has the proper permissions.

The other way to find errors is to st= art sshd (from the command line) with =C2=A0-d and/or -v flags and then try= to connect using your ssh client. The sshd server will out logging as to w= hat the errors are. It may tell you what is causing the permission denied e= rror.


Walter
The greatest dangers to liberty lurk in i= nsidious encroachment by men=C2=A0of zeal, well-meaning but without underst= anding. =C2=A0 -- Justice Louis D.=C2=A0Brandeis


On Mon, Jan 29, 2024 at 7:58=E2=80=AFAM Paul M Foster <paulf@quillandmouse.com> wrote= :
On Mon, Jan 29, 2024 at 02:15:19P= M +0000, Matthew Seaman wrote:

[snip]

> how to configure it.=C2=A0 If you want password based auth for sshd, t= hen go
> ahead and edit /etc/ssh/sshd_config and/or /etc/pam.d entries, as
> appropriate.

Assuming I want to login as any user on the system, hacking pam shouldn'= ;t
be necessary, right?

I've made the following changes to the stock /etc/ssh/sshd_config:

PubkeyAuthentication no
PermitRootLogin yes
PasswordAuthentication yes

And of course, restarted the daemon each time I made a change. However,
when I try to ssh in in the following ways:

ssh paulf@buckaroo
ssh root@buckaroo
ssh buckaroo
ssh 192.168.254.30

I get a flat "Permission denied (password,keyboard-interactive)".= Not even
an attempt to ask for a password.

Clearly something's wrong, but I have no idea what. And I have googled = the
problem and visitied numerous sites to no avail.

Paul

--
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster

--00000000000028ba13061019d96d--