From owner-freebsd-questions@FreeBSD.ORG Tue Feb 13 13:32:00 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E9BDF16A400 for ; Tue, 13 Feb 2007 13:32:00 +0000 (UTC) (envelope-from o.greve@axis.nl) Received: from yggdrasil.interstroom.nl (yggdrasil.interstroom.nl [80.85.129.11]) by mx1.freebsd.org (Postfix) with ESMTP id 882BF13C4AC for ; Tue, 13 Feb 2007 13:32:00 +0000 (UTC) (envelope-from o.greve@axis.nl) Received: from ip127-180.introweb.nl ([80.65.127.180] helo=[192.168.1.42]) by yggdrasil.interstroom.nl with asmtp (Exim 3.35 #1 (Debian)) id 1HGxlE-0003jO-00; Tue, 13 Feb 2007 14:31:56 +0100 Message-ID: <45D1BDCA.8050709@axis.nl> Date: Tue, 13 Feb 2007 14:31:54 +0100 From: Olaf Greve User-Agent: Thunderbird 1.5.0.9 (X11/20061222) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <45D07D5A.2040307@axis.nl> <8930024.post@talk.nabble.com> In-Reply-To: <8930024.post@talk.nabble.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-MailScanner-Information: Interstroom virusscan, please e-mail helpdesk@interstroom.nl for more information X-MailScanner-SpamCheck: Subject: Re: [SOLVED] Help please: how to enable SSH password authentication under FreeBSD 6.2? Solved - but not in an expected way X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Feb 2007 13:32:01 -0000 Hi all, To cut to the chase, I 'solved' the issue, or rather, the mystery around it at least, but the 'solution' was not quite as expected. I tried both suggestions given. Firstly: > It rather looks like putty is checking the server key with the older one > (you mentioned you reinstalled the box). Well... Yes and no. Yes: the box was 'reinstalled', but completely cleanly, with a newer FreeBSD version (i.e. 6.2 vs. 5.3), and using a completely different IP address. Given those parameters, it's better to call it a clean install. :P Also, PuTTY never got to the stage where it infomrmed me that a new host was found and if I wanted to store the fingerprint. Instead, it directly bailed out with a message like 'Host key not found' (or something like that). > try to delete the know_host entry in the register database (look for the > entry start->run->regedit then look for the "SshHostKeys" entry and delete > the old key). > > This should fix your pb ;) I did so anyway and it didn't seem to make a difference. I kept getting the same error. Then I tried the other suggestion: ># Change to no to disable PAM authentication >ChallengeResponseAuthentication no I did that (trying setting it to 'yes' as well as 'no') and this too, did not seem to make a difference. Nowwww, normally PuTTY gives me the 'host key' error some 3 times or so before properly finding any host, so I'm used to that. On the new box, I tried it easily 15 times in a row before posing the question yesterday. Today I gave it a longer pounding, and lo and behold: all of a sudden after some 30 attempts it worked! Then, I tried switching the ChallengeResponseAuthentication to the opposite value it was set at, gave it again a pouding of around 20 attempts, and again 1 succeeded. I tried reproducing my 'luck', but some 40 further attempts all yielded no score. It then dawned on me that it might be simply PuTTY that is causing the errors, and indeed, I tried Tunnelier and it works a charm (with and without PAM), and during all atempts I made, it directly logged in without any issues. Conclusion (or assumption, if you will): there seem to be some major incompatibility issues between PuTTY and FreeBSD 6.2's bundled SSH version. Of course it is easy enough to use a different client at home, it's just that when abroad and wanting to check the machine, it is handy to quickly download PuTTY.exe and have a quick check without having to install a complete program... Oh well, at least it works now, and I know the box was (and still is) configured correctly, and I have found a good work-around (i.e. using a better SSH client than PuTTY). Cheers, and thanks for baring with me, Olafo