From: Rishi Chopra
Date: Wed, 10 Mar 2004 13:50:46 -0800
To: Matthew Seaman
Cc: Ruben de Groot, questions@freebsd.org
Subject: Re: FreeBSD, SSH and "Enter Authentication Response"

To quote Ringo Starr ala The Simpsons, "Please forgive the lateness of my reply".

Matthew:

Your suggestion worked beautifully. Changing /etc/ssh/sshd_config solved my "confirmation login" problem quite nicely.

Just to confirm, I am running the version of SSH that comes standard with FreeBSD 5.1-RELEASE.

--
Rishi Chopra
http://www.ocf.berkeley.edu/~rchopra

Matthew Seaman wrote:
> On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra wrote:
>
>> I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh -
>> I'm running a default minimal installation of FreeBSD 5.2:
>
>> etc/ssh/ssh_config:
>
> Um... /etc/ssh/sshd_config is more to the point -- ssh_config is for
> the client side, ssh*d*_config is for the server side.
>
> However if you've just installed the system then chances are the
> sshd_config is unmodified from the default settings.
>
> Try turning off the challenge-response stuff as I suggested in my
> earlier e-mail. ie. make it so that sshd_config contains:
>
>     ChallengeResponseAuthentication no
>
>> /etc/pam.d/ssh
>
> That looks fine.
>
> Hmmm... This does look like a peculiar interaction of your particular
> SSH client software and the OpenSSH server code on FreeBSD.
>
> Normally I'd suggest running the client side connection with debugging
> turned up high, eg:
>
>     % ssh -v -v -v host.example.com
>
> but I don't know what the equivalent of that is for the client
> software you're using.
>
> A very good diagnostic test though is to run the server side with the
> debugging turned up. A good trick is to run it on an alternative port
> so you can run it in parallel with your regular sshd. eg:
>
>     # sshd -d -d -d -p 24
>
> You can then connect to the alternate port by:
>
>     % ssh -p 24 host.example.com
>
> This will produce quite a lot of output, and exit after the ssh
> session. By comparing this output to the equivalent output from a
> machine where you don't have the problem you should be able to tell
> what the FreeBSD box is doing differently, and maybe work out how to
> fix it. Be aware that the full debug output from sshd should not be
> published as it can contain privileged information.
>
> Cheers,
>
> Matthew
>
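
The sshd_config change discussed in this thread can be checked before restarting sshd. The following is an added example, not part of the original messages: a shell function (the name effective_cra and the sample config are constructed here) that reports the effective global ChallengeResponseAuthentication value. It assumes OpenSSH's documented parsing rules: case-insensitive keywords, first occurrence wins, and a built-in default of "yes" when the keyword is absent.

```shell
#!/bin/sh
# Added example (not from the thread). Reads sshd_config text on stdin and
# prints the effective global value of ChallengeResponseAuthentication.
# Assumptions: keywords are case-insensitive, the first occurrence wins,
# "Keyword=value" is accepted, the global section ends at the first Match
# line, and the built-in default is "yes".
effective_cra() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # drop leading indentation
            sub(/[ \t]*=[ \t]*/, " ", line)   # normalise "Keyword=value"
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit          # later lines are conditional
            if (key == "challengeresponseauthentication" && n >= 2) {
                val = tolower(f[2])
                gsub(/"/, "", val)            # arguments may be quoted
                print val
                found = 1
                exit                          # first occurrence wins
            }
        }
        END { if (!found) print "yes" }       # keyword absent: default applies
    '
}

# Constructed sample: a commented-out default, an explicit setting in
# lower case, and a later duplicate that sshd would ignore.
sample='#ChallengeResponseAuthentication yes
Port 22
challengeresponseauthentication no
ChallengeResponseAuthentication yes'

printf '%s\n' "$sample" | effective_cra
```

On a live system the same function can be fed the real file with `effective_cra < /etc/ssh/sshd_config`.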