From owner-freebsd-questions@FreeBSD.ORG Fri Apr 18 10:13:24 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B86737B401 for ; Fri, 18 Apr 2003 10:13:24 -0700 (PDT) Received: from sage.thought.org (dsl231-043-140.sea1.dsl.speakeasy.net [216.231.43.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D52843FCB for ; Fri, 18 Apr 2003 10:13:23 -0700 (PDT) (envelope-from kline@thought.org) Received: from thought.org (root@tao [10.0.0.247]) by sage.thought.org (8.12.9/8.11.4) with ESMTP id h3IHDJkh008393; Fri, 18 Apr 2003 10:13:21 -0700 (PDT) (envelope-from kline@thought.org) Received: (from kline@localhost) by thought.org (8.12.6/8.11.3) id h3IHDGR4004760; Fri, 18 Apr 2003 10:13:16 -0700 (PDT) (envelope-from kline) Date: Fri, 18 Apr 2003 10:13:16 -0700 From: Gary D Kline To: Willie Viljoen Message-ID: <20030418171316.GA4706@tao.thought.org> References: <3E9F2F25.1050103@relia.net> <200304181502.23207.will@unfoldings.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200304181502.23207.will@unfoldings.net> X-Organization: Thought Unlimited. Public service Unix since 1986. X-Of_Interest: Observing 16 years of service to the Unix community User-Agent: Mutt/1.5.3i cc: questions@freebsd.org cc: Joe Lewis Subject: Re: Why does SSH prompt for 2 passwords? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2003 17:13:24 -0000 On Fri, Apr 18, 2003 at 03:02:23PM +0200, Willie Viljoen wrote: > On Friday 18 April 2003 0:48, someone, possibly Joe Lewis, typed: > > > Password: > > Response: > > joe@192.168.1.1's password: > > The first prompt is PAM challenge response authentication. This uses the PAM > system instead of a just a flat read of /etc/master.passwd to authenticate, > and is also more secure than standard plaintext authentication. > > Unless your sshd is misconfigured, your configuration files and binaries are > out of sync (this happend when a system is upgraded without doing > mergemaster), this should not be happening, and you should be able to log > in at the first prompt. It might also be that the ssh client you are using > does not handle challenge response authentication properly. > > If you are happy with standard plaintext configuration, you may edit > /etc/ssh/sshd_config and change the setting to this: > > # Change to no to disable PAM authentication > ChallengeResponseAuthentication no > > I'd recommend you rather get PAM fixed though, or use public key > authentication instead, that's much more secure than any form of password > authentication. > I've bumped into this ssh problem myself when I try to reach sites outside my LAN, and it probably is a PAM authentication on my DNS server. I've got to check that I mermastered the 4.8 pam file, but if that doesn't resolve this, can you tell me how else to fix the problem? thanks, gary -- Gary Kline kline@thought.org www.thought.org Public service Unix