From owner-freebsd-questions@FreeBSD.ORG Mon Feb 12 15:10:56 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0AD2816A401 for ; Mon, 12 Feb 2007 15:10:56 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from mxout4.cac.washington.edu (mxout4.cac.washington.edu [140.142.33.19]) by mx1.freebsd.org (Postfix) with ESMTP id DBC8D13C4A6 for ; Mon, 12 Feb 2007 15:10:55 +0000 (UTC) (envelope-from youshi10@u.washington.edu) Received: from smtp.washington.edu (smtp.washington.edu [140.142.32.141] (may be forged)) by mxout4.cac.washington.edu (8.13.7+UW06.06/8.13.7+UW06.09) with ESMTP id l1CFAtOl028000 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 12 Feb 2007 07:10:55 -0800 X-Auth-Received: from [192.168.10.41] (c-67-187-172-183.hsd1.ca.comcast.net [67.187.172.183]) (authenticated authid=youshi10) by smtp.washington.edu (8.13.7+UW06.06/8.13.7+UW06.09) with ESMTP id l1CFAs24003867 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Mon, 12 Feb 2007 07:10:55 -0800 Message-ID: <45D0837C.2070205@u.washington.edu> Date: Mon, 12 Feb 2007 07:10:52 -0800 From: Garrett Cooper User-Agent: Thunderbird 1.5.0.9 (X11/20070122) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <45D07D5A.2040307@axis.nl> In-Reply-To: <45D07D5A.2040307@axis.nl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-PMX-Version: 5.3.0.289146, Antispam-Engine: 2.5.0.283055, Antispam-Data: 2007.2.12.65433 X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0, __USER_AGENT 0' Subject: Re: Help please: how to enable SSH password authentication under FreeBSD 6.2? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Feb 2007 15:10:56 -0000 Olaf Greve wrote: > Hi guys, > > (Firstly: I posted this message well over an hour ago, and it does not > seem to have come through, in case you recieve this twice, then I'm > sorry for that :P ) > > Sorry to ask such a trivial question, and I'm positive it must have been > treated here before, but I just can't remember how to do it exactly, and > perhaps someone can give me a quick answer and spare me hours of further > RTFM-ing. :P > > The issue: > I'm (re-) installing my fall-back server, and selected FreeBSD 6.2 i386 > release (generic kernel, for now) for that. Now, I want to be able to > access it using SSH (PuTTY, most often) from anywhere in the world, and > hence would like to enable password authentication in SSH again. > Therefore, I used the same /etc/ssh/sshd_config (as listed down below, > with dummy names abc, def, and ghi in the AllowUsers line) as on my live > server, where this works fine. However, when I try accessing it using > PuTTY, PuTTY keeps failing mentioning something like 'host key check > failed'. In the debug.log file on the fallback machine, I learnt that > PuTTY only tries the SSH2 protocol, and doesn't fall back to SSH1 when > it notices that that fails. On the live server (FreeBSD 5.4-release > AMD64, custom kernel), this works a charm, and on that machine the > debug.log file does mention PuTTY (yes, the very same as used for trying > to connect to the fallback machine) that PuTTY falls back to SSH1 and > uses PAM for authentication... > > The question: > I recall having had this issue before, and I *think* the resolution was > to enable PAM authentication or so outside of /etc/ssh/sshd_config. I > thought to recall that I either did this in rc.conf (or the defaults for > that), or in the custom kernel configuration. However, I couldn't find > any hints to that anymore on the live box...:( > Does anyone know how to get this going properly, and what it is that I'm > overlooking? > > Tnx in advance and cheers! > Olafo > > PS: the used /etc/ssh/sshd_config file's contents follows here: Just looking at your config everything appears to be fine. If you don't have PAM enabled or don't want it enabled though you should uncomment this line in your config: # Change to no to disable PAM authentication ChallengeResponseAuthentication no 1) Did you restart your daemon? 2) Are you using the ssh available in the base system or ports? Cheers, -Garrett