From owner-freebsd-questions@FreeBSD.ORG Fri Apr 18 06:02:49 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 494AA37B401 for ; Fri, 18 Apr 2003 06:02:49 -0700 (PDT) Received: from apollo.laserfence.net (apollo.laserfence.net [196.44.69.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 44C2243FAF for ; Fri, 18 Apr 2003 06:02:47 -0700 (PDT) (envelope-from will@unfoldings.net) Received: from localhost ([127.0.0.1]) by apollo.laserfence.net with esmtp (Exim 4.10) id 196VVr-000LYy-00; Fri, 18 Apr 2003 15:02:43 +0200 Received: from prometheus-p0.datel.laserfence.net ([192.168.255.1] helo=prometheus.home.laserfence.net) by apollo.laserfence.net with esmtp (Exim 4.10) id 196VVb-000LYp-00; Fri, 18 Apr 2003 15:02:29 +0200 Received: from phoenix.home.laserfence.net ([192.168.0.2]) by prometheus.home.laserfence.net with esmtp (Exim 4.10) id 196VVX-000PCA-00; Fri, 18 Apr 2003 15:02:23 +0200 Received: from will by phoenix.home.laserfence.net with local (Exim 4.10) id 196VVX-000Fww-00; Fri, 18 Apr 2003 15:02:23 +0200 From: Willie Viljoen To: Joe Lewis , questions@FreeBSD.org Date: Fri, 18 Apr 2003 15:02:23 +0200 User-Agent: KMail/1.5.1 References: <3E9F2F25.1050103@relia.net> In-Reply-To: <3E9F2F25.1050103@relia.net> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200304181502.23207.will@unfoldings.net> Sender: Willie Viljoen X-Spam-Score: (/) X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *196VVb-000LYp-00*omey3XLzzwM* X-Virus-Scanned: by AMaViS snapshot-20020422 Subject: Re: Why does SSH prompt for 2 passwords? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2003 13:02:49 -0000 On Friday 18 April 2003 0:48, someone, possibly Joe Lewis, typed: > Password: > Response: > joe@192.168.1.1's password: The first prompt is PAM challenge response authentication. This uses the PAM system instead of a just a flat read of /etc/master.passwd to authenticate, and is also more secure than standard plaintext authentication. Unless your sshd is misconfigured, your configuration files and binaries are out of sync (this happend when a system is upgraded without doing mergemaster), this should not be happening, and you should be able to log in at the first prompt. It might also be that the ssh client you are using does not handle challenge response authentication properly. If you are happy with standard plaintext configuration, you may edit /etc/ssh/sshd_config and change the setting to this: # Change to no to disable PAM authentication ChallengeResponseAuthentication no I'd recommend you rather get PAM fixed though, or use public key authentication instead, that's much more secure than any form of password authentication. Will -- Willie Viljoen Freelance IT Consultant 214 Paul Kruger Avenue, Universitas Bloemfontein 9321 South Africa +27 51 522 15 60 +27 51 522 44 36 (after hours) +27 82 404 03 27 (mobile) will@unfoldings.net