Date: Wed, 27 Mar 2002 14:10:18 -0500 From: Jim Freeze <jim@freeze.org> To: questions@freebsd.org Subject: changes in sshd from 4.4R to 4.5S? (Multiple attempts required) Message-ID: <20020327141018.A5564@freeze.org>
next in thread | raw e-mail | index | archive | help
Hi: I recently upgraded my system to 4.5stable and now when I login remotely, I have to make three attempts before my password is accepted. Does someone have any ideas as to why I have to go through three entries before my password is accepted? Details are as follows: ssh mydomain.com -l name otp-md5 456 ra9923 ext S/Key Password: otp-md5 24 ra5518 ext S/Key Password: otp-md5 91 ra1113 ext S/Key Password: name@mydomain.com's password: # My pasword finally works here Last login: Wed Mar 27 12:13:34 2002 from... I tried verbose and this is what I get ssh -v mydomain.com -l name ... Rhosts Authentication disabled, originating port will not be trusted. ... Host 'freeze.org' is known and matches the DSA host key. debug1: Found key in /home/jfn/.ssh/known_hosts:10 debug1: bits set: 1050/2049 debug1: ssh_dss_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is publickey debug1: try privkey: /home/jfn/.ssh/id_rsa debug1: try privkey: /home/jfn/.ssh/id_dsa debug1: next auth method to try is keyboard-interactive otp-md5 355 ra7020 ext S/Key Password: debug1: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64) otp-md5 122 ra4912 ext ... S/Key Password: debug1: packet_send2: adding 32 (len 15 padlen 17 extra_pad 64) debug1: authentications that can continue: publickey,password,keyboard-interactive debug1: next auth method to try is password name@mydomain.com's password: .. this is where my password is finally accepted. Here is a snippet of the default /etc/ssh/sshd_config file: RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #ChallengeResponseAuthentication no (The 'tunneled clear text passwords' sounds scary. I thought ssh wouldn't send clear text passwords.) Thanks uname -a FreeBSD rabbit 4.5-STABLE FreeBSD 4.5-STABLE #0: Tue Mar 26 01:23:32 EST 2002 jfreeze@rabbit:/usr/obj/usr/src/sys/RABBIT i386 -- Jim Freeze atto: 1e-18 = one quintillionth parsec: 3.258 light-years: 3.258 * 186000 * 364 * 24 * 3600 * 5280 * 12 attoparsec: atto * parsec =~ 1.20 inch My height: 62 inches / 1.2 = 51.7 attoparsecs ~ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020327141018.A5564>