Date:      Sun, 31 May 2009 16:18:09 +0200
From:      "Sajó Zsolt Attila" <sajozsattila@citromail.hu>
To:        <freebsd-questions@freebsd.org>
Subject:   sshd + pam_pgsql
Message-ID:  <20090531141809.18839.qmail@server14.citromail.hu>

Hi!

I would like to use sshd with the pam_pgsql module, but it doesn't work, and I can't configure PAM debugging either. So my two questions:
How can I use PAM debugging?
How do I use sshd with pam-pgsql?

OS: FreeBSD 7.2

My /etc/pam.d/sshd:
auth            required        pam_unix.so             no_warn try_first_pass
auth            sufficient      pam_pgsql.so config_file=/etc/ssh/ssh-pam_pgsql.conf
account         required        pam_unix.so
account         requisite       pam_pgsql.so config_file=/etc/ssh/ssh-pam_pgsql.conf
password        required        pam_unix.so             no_warn try_first_pass
password        sufficient      pam_pgsql.so config_file=/etc/ssh/ssh-pam_pgsql.conf
session         sufficient      pam_pgsql.so config_file=/etc/ssh/ssh-pam_pgsql.conf


My /etc/ssh/ssh-pam_pgsql.conf:
debug
pw_type = md5
connect = dbname=sshuser user=attila password=xxxxx
auth_query = select password from felhasznalok where user_name = %u
acct_query = select password from felhasznalok where user_name = %u
pwd_query = update account set password = %p where user_name = %u


psql -U attila -c "SELECT * FROM felhasznalok" sshuser:
 user_name | password | uid  | gid  | login_class | password_change_time | account_expiry_time | user_full_name | home_directory  | user_shell
-----------+----------+------+------+-------------+----------------------+---------------------+----------------+-----------------+------------
 sftpuser2 | sara     | 2001 | 2001 | hungarian   |                      |                     | sftp user      | /home/.sftpuser | /bin/sh


My /etc/ssh/sshd_conf:
[..]
UsePAM yes
PasswordAuthentication yes
PermitEmptyPasswords yes
PermitRootLogin  without-password
[..]



ssh -v -l sshuser2 luk1814.no-ip.org:
OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to luk1814.no-ip.org [84.3.76.241] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 FreeBSD-20080901
debug1: match: OpenSSH_5.1p1 FreeBSD-20080901 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'luk1814.no-ip.org' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:6
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
Received disconnect from 84.3.76.241: 2: Too many authentication failures for sftpuser3
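
Added example, not part of the original message: a simplified model of how PAM combines control flags (after pam.conf(5)), run over the auth lines of the posted /etc/pam.d/sshd and over a reordered stack constructed for comparison. It assumes the account exists only in PostgreSQL, so pam_unix fails and pam_pgsql succeeds; REORDERED, DB_ONLY, LOCAL_ONLY and the function names are hypothetical.

```python
# Added example: simplified model of PAM control-flag evaluation.
# Module outcomes are assumed inputs; no real PAM module is called.

# The auth lines as posted in the message.
POSTED = """\
auth  required    pam_unix.so   no_warn try_first_pass
auth  sufficient  pam_pgsql.so  config_file=/etc/ssh/ssh-pam_pgsql.conf
"""

# Constructed for comparison (untested on a real host): database module first.
REORDERED = """\
auth  sufficient  pam_pgsql.so  config_file=/etc/ssh/ssh-pam_pgsql.conf
auth  required    pam_unix.so   no_warn try_first_pass
"""

def parse_chain(text, facility="auth"):
    """Return [(control_flag, module)] for one facility of a pam.d file."""
    chain = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 3 and fields[0] == facility:
            chain.append((fields[1], fields[2]))
    return chain

def evaluate(chain, outcome):
    """outcome maps module name -> True (success) or False (failure)."""
    hard_fail = False  # set once a required or binding module has failed
    successes = 0
    for flag, module in chain:
        if outcome[module]:
            successes += 1
            if flag in ("sufficient", "binding") and not hard_fail:
                return True   # chain ends here with success
            continue
        if flag in ("required", "binding"):
            hard_fail = True  # rest of the chain runs, result stays failure
        elif flag == "requisite":
            return False      # chain ends here with failure
    # Succeeds only if no required-class module failed and something succeeded.
    return not hard_fail and successes > 0

# Assumed outcomes: an account only in PostgreSQL, and one only in passwd.
DB_ONLY = {"pam_unix.so": False, "pam_pgsql.so": True}
LOCAL_ONLY = {"pam_unix.so": True, "pam_pgsql.so": False}

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "db-only user allowed:", evaluate(parse_chain(text), DB_ONLY))
```

In the reordered stack a successful sufficient module ends the chain, so any check placed after it is skipped for database users.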




