From owner-freebsd-current@FreeBSD.ORG Sat May 15 15:20:00 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C1B3516A4CE for ; Sat, 15 May 2004 15:20:00 -0700 (PDT) Received: from cmsrelay02.mx.net (cmsrelay02.mx.net [165.212.11.111]) by mx1.FreeBSD.org (Postfix) with SMTP id F257543D2F for ; Sat, 15 May 2004 15:19:59 -0700 (PDT) (envelope-from noackjr@alumni.rice.edu) Received: from uadvg131.cms.usa.net (165.212.11.131) by cmsoutbound.mx.net with SMTP; 15 May 2004 22:19:59 -0000 Received: from optimator.noacks.org [66.140.18.96] by uadvg131.cms.usa.net (ASMTP/noackjr@usa.net) via mtad (C8.MAIN.3.13N) with ESMTP id 090ieowT40491M31; Sat, 15 May 2004 22:19:55 GMT X-USANET-Auth: 66.140.18.96 AUTH noackjr@usa.net optimator.noacks.org Received: from localhost (localhost [127.0.0.1]) by optimator.noacks.org (Postfix) with ESMTP id 4E19C616B; Sat, 15 May 2004 17:19:55 -0500 (CDT) Received: from optimator.noacks.org ([127.0.0.1]) by localhost (optimator.noacks.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 31777-01; Sat, 15 May 2004 17:19:54 -0500 (CDT) Received: from compgeek.noacks.org (compgeek [192.168.1.10]) by optimator.noacks.org (Postfix) with ESMTP id 1D0B5610C; Sat, 15 May 2004 17:19:54 -0500 (CDT) Received: from [127.0.0.1] (localhost [127.0.0.1]) by compgeek.noacks.org (8.12.11/8.12.11) with ESMTP id i4FMJrWw086178; Sat, 15 May 2004 17:19:53 -0500 (CDT) (envelope-from noackjr@alumni.rice.edu) Message-ID: <40A69789.6060101@alumni.rice.edu> Date: Sat, 15 May 2004 17:19:53 -0500 From: Jon Noack User-Agent: Mozilla Thunderbird 0.6 (X11/20040504) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Forrest Aldrich References: <40A4FF60.4000400@forrie.com> In-Reply-To: <40A4FF60.4000400@forrie.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at noacks.org cc: freebsd-current@freebsd.org Subject: Re: Bug in CURRENT OpenSSL/sshd? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: noackjr@alumni.rice.edu List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 May 2004 22:20:00 -0000 Forrest Aldrich wrote: > I use SecureCRT from Windows/XP to connect to my various FreeBSD servers. > > When I updated (twice installed to verify) from FreeBSD-5.2.1 to > FreeBSD-CURRENT, I'm no longer able to log in via SecureCRT. The error > indicates there are no authentication methods. > > I've changed my config in SecureCRT to "Keyboard Interactive" which > works fine. This is not a bug with SecureCRT, it is on the sshd side. > > I tried uncommenting PasswordAuthentication in /etc/ssh/sshd_config and > that didn't make a difference. > > Wondering if anyone else has seen this problem, as I'd like to narrow > this down and get it fixed. For what it is worth, Keyboard-Interactive is the better choice. You must have missed this when you read UPDATING (you did read UPDATING, didn't you? ;-): 20040226: Some sshd configuration defaults have changed: protocol version 1 is no longer enabled by default, and password authentication is disabled by default if PAM is enabled (which it is by default). OpenSSH clients should not be affected by this; other clients may have to be reconfigured, upgraded or replaced. Uncommenting PasswordAuthentication should restore the previous behavior (although the email from des@ said to uncomment protocol version 1 as well). Did you restart sshd before testing? You might try an 'ssh -v hostname' with an OpenSSH client to be sure it is picking up the option. Look for a line like the following: debug: Authentications that can continue: publickey,keyboard-interactive With PasswordAuthentication you should also see "password" in there. Jon Noack