Date: Wed, 27 Mar 2002 14:10:18 -0500
From: Jim Freeze
To: questions@freebsd.org
Subject: changes in sshd from 4.4R to 4.5S? (Multiple attempts required)
Message-ID: <20020327141018.A5564@freeze.org>

Hi:

I recently upgraded my system to 4.5stable and now when I log in remotely,
I have to make three attempts before my password is accepted.
Does someone have any ideas as to why I have to go through three
entries before my password is accepted?

Details are as follows:

    ssh mydomain.com -l name
    otp-md5 456 ra9923 ext
    S/Key Password:
    otp-md5 24 ra5518 ext
    S/Key Password:
    otp-md5 91 ra1113 ext
    S/Key Password:
    name@mydomain.com's password:     # My password finally works here
    Last login: Wed Mar 27 12:13:34 2002 from...

I tried verbose and this is what I get

    ssh -v mydomain.com -l name
    ...
    Rhosts Authentication disabled, originating port will not be trusted.
    ...
    Host 'freeze.org' is known and matches the DSA host key.
    debug1: Found key in /home/jfn/.ssh/known_hosts:10
    debug1: bits set: 1050/2049
    debug1: ssh_dss_verify: signature correct
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: done: ssh_kex2.
    debug1: send SSH2_MSG_SERVICE_REQUEST
    debug1: service_accept: ssh-userauth
    debug1: got SSH2_MSG_SERVICE_ACCEPT
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    debug1: next auth method to try is publickey
    debug1: try privkey: /home/jfn/.ssh/id_rsa
    debug1: try privkey: /home/jfn/.ssh/id_dsa
    debug1: next auth method to try is keyboard-interactive
    otp-md5 355 ra7020 ext
    S/Key Password:
    debug1: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
    otp-md5 122 ra4912 ext
    ...
    S/Key Password:
    debug1: packet_send2: adding 32 (len 15 padlen 17 extra_pad 64)
    debug1: authentications that can continue: publickey,password,keyboard-interactive
    debug1: next auth method to try is password
    name@mydomain.com's password:     .. this is where my password is finally accepted.

Here is a snippet of the default /etc/ssh/sshd_config file:

    RhostsAuthentication no
    #
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    #
    RSAAuthentication yes

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    PermitEmptyPasswords no

    # Uncomment to disable s/key passwords
    #ChallengeResponseAuthentication no

(The 'tunneled clear text passwords' sounds scary. I thought ssh
wouldn't send clear text passwords.)

Thanks

    uname -a
    FreeBSD rabbit 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Mar 26 01:23:32 EST 2002 jfreeze@rabbit:/usr/obj/usr/src/sys/RABBIT i386

-- 
Jim Freeze
atto: 1e-18 = one quintillionth
parsec: 3.258 light-years: 3.258 * 186000 * 364 * 24 * 3600 * 5280 * 12
attoparsec: atto * parsec =~ 1.20 inch
My height: 62 inches / 1.2 = 51.7 attoparsecs ~
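
In the verbose output quoted above, the S/Key prompts appear only after the client switches to keyboard-interactive, and the ordinary password prompt only after it moves on to the password method. The following is an added example, not part of the original message, that extracts that sequence from a terminal transcript; the function names are hypothetical and the sample log is constructed from the debug lines quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original message): count password-style prompts
# per authentication method in an `ssh -v` terminal transcript.

# Constructed sample, assembled from the debug lines quoted in the message.
sample_log() {
    cat <<'EOF'
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/jfn/.ssh/id_rsa
debug1: try privkey: /home/jfn/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
otp-md5 355 ra7020 ext
S/Key Password:
debug1: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
otp-md5 122 ra4912 ext
S/Key Password:
debug1: packet_send2: adding 32 (len 15 padlen 17 extra_pad 64)
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
name@mydomain.com's password:
EOF
}

# Reads an `ssh -v` transcript on stdin and prints "<method> <prompt count>"
# for each method the client tried, in the order it tried them.
auth_summary() {
    awk '
        /^debug1: next auth method to try is / {
            method = $NF
            if (!(method in seen)) { seen[method] = 1; order[++n] = method }
            next
        }
        # Prompts are written by the client without a debug prefix.
        method != "" && !/^debug[0-9]:/ && /[Pp]assword:/ { prompts[method]++ }
        END {
            for (i = 1; i <= n; i++)
                printf "%s %d\n", order[i], prompts[order[i]] + 0
        }
    '
}

sample_log | auth_summary
```

The input has to be a transcript of the whole terminal session, as pasted in the message, so that both the debug lines and the prompts are present.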