Date: Tue, 3 Apr 2001 22:24:50 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Daniel Frazier" <dfrazier@magpage.com>, "Matthew J . Turk" <m-turk@nwu.edu> Cc: <freebsd-questions@FreeBSD.ORG> Subject: RE: SSHD Problems... Message-ID: <000801c0bcc7$921a8820$1401a8c0@tedm.placo.com> In-Reply-To: <3AC9E1F9.E27008E0@magpage.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hmmmm.... any way to fix this _other_ than going _further_ down the PAM road? Like - maybe SHUT IT OFF?!?!?! Not all of us want or need the latest doo-dad or dingle-hopper module that someone has suddenly decided is a "must have" for FreeBSD. Frankly I'm starting to get a bit sick of it. Adding sshd in as an option was very pleasant. _mandating_ it by putting it in the startup so that keys are generated during installation was not so pleasant, but I decided to let it slide. Switching Kerberos default from off to _on_ as an installation option is the action of an asshole who thinks they know how to set up my server better than I do. So, what's the next on the "we're gonna ram this new option down your fucking throat and make you go through hoops to turn it off despite the fact only a few obnoxious people are screaming for it" campaign for FreeBSD? I know, let's switch off root logins on the console so that if you want to ever login as root you have to bring up the system as single-user mode. Hey, that's insecure - let's switch off ALL logins! That's it - the ultimate FreeBSD installation - out of the box it simply cannot be accessed at all!!!!!! Despite the screeching from the "I live on an insecure campus network with a million wanna-be student crackers and goddamit my net is representative of all networks everywhere" crowd, it _is_ possible to go overboard with the security angle here. Maybe some of the chief proponents ought to quit the FreeBSD effort and go join OpenBSD - they seem to eat this stuff up. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Daniel Frazier >Sent: Tuesday, April 03, 2001 7:45 AM >To: Matthew J . Turk >Cc: freebsd-questions@FreeBSD.ORG >Subject: Re: SSHD Problems... > > >>From /usr/src/UPDATING... > >20010112: > Important new FreeBSD-version stuff: PAM support has been worked > in, partially from the "Unix" OpenSSH version. This requires > adding the following in pam.conf: > > sshd auth sufficient pam_skey.so > sshd auth required pam_unix.so try_first_pass > sshd session required pam_permit.so > >I'm assuming you've made/installed world after this date and didn't see >this. Just add this stuff to /etc/pam.conf and you should be good to go. > >-- >---------------------------------------------------------------------- >Daniel Frazier <dfrazier@magpage.com> Tel: 302-239-5900 Ext. 231 >Systems Administrator Fax: 302-239-3909 >MAGPAGE, We Power the Internet WWW: http://www.magpage.com/ > >"They that can give up essential liberty to obtain a little temporary >safety deserve neither liberty nor safety." > - Benjamin Franklin, Historical Review of Pennsylvania, 1759. > >"Matthew J . Turk" wrote: >> >> Hi there. Does anyone have any idea how to fix a problem like >the following? >> Whenever I ssh into my box, it asks for the password and then >when I enter it it >> drops the connection. My message log is as follows: >> >> Apr 3 09:23:58 dhcp101054 sshd[3470]: no modules loaded for >`sshd' service >> Apr 3 09:23:58 dhcp101054 sshd[3470]: fatal: PAM session setup >failed[6]: >> Permission denied >> Apr 3 09:23:58 dhcp101054 sshd[3470]: no modules loaded for >`sshd' service >> >> Any ideas how to fix it? Thanks! >> >> mjt >> -- >> "Having said that, music is supposed to be >> in the world for celebration, ritual, and >> healing - that's the point for me." >> -- Trey Anastasio >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-questions" in the body of the message > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000801c0bcc7$921a8820$1401a8c0>