Date: Mon, 16 Jul 2001 13:18:27 +0300
From: "Shila Ofek" <shila_ofek@hotmail.com>
To: roam@orbitel.bg
Cc: security@freebsd.org
Subject: Re: OpenSSH UseLogin parameter
Message-ID: <F40NYAE4TEdkuCLU8AM00014558@hotmail.com>

I'm working with OpenSSH-2.2.0 on FreeBSD 4.2, and from a look at the code
it doesn't work with PAM.
The only reminder of PAM in the code is in file auth1.c:

    #ifdef HAVE_LIBPAM
            int pam_retval;
    #endif /* HAVE_LIBPAM */

and that's it...
Should I recompile the SSH daemon with some flag or something, or do I have
the wrong version?

The lines I have in pam.conf are:

    sshd    auth        required    pam_radius.so
    sshd    account     optional    pam_unix.so
    sshd    password    required    pam_permit.so
    sshd    session     required    pam_permit.so

Is this OK? Although I'm quite sure it doesn't get to this part at all.

The output I get when I run the daemon with -d is:

    [Prompt]sshd -d
    debug: sshd version OpenSSH_2.2.0
    error: Could not load DSA host key: /etc/ssh/ssh_host_dsa_key
    Disabling protocol version 2
    debug: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.
    debug: Server will not fork when running in debugging mode.
    Connection from XXX port XXX
    Connection from XXX port XXX
    debug: Client protocol version 1.5; client software version OpenSSH_2.2.0
    debug: Local version string SSH-1.5-OpenSSH_2.2.0
    debug: Sent 768 bit public key and 1024 bit host key.
    debug: Encryption type: 3des
    debug: Received session key; encryption turned on.
    debug: Installing crc compensation attack detector.
    Faking authloop for illegal user radtest from XXX port XXX

Thanks,
Shila.

>From: Peter Pentchev <roam@orbitel.bg>
>To: Shila Ofek <shila_ofek@hotmail.com>
>CC: green@freebsd.org, security@freebsd.org
>Subject: Re: OpenSSH UseLogin parameter
>Date: Mon, 16 Jul 2001 12:08:03 +0300
>
>On Mon, Jul 16, 2001 at 11:22:14AM +0300, Shila Ofek wrote:
> > When the ssh user authentication is a password authentication, I want to use
> > PAM. It seems that the OpenSSH daemon does not work with PAM, so I thought
> > that using the regular login, I will get PAM integration for free.
> > So, is it possible to work with the UseLogin to use the regular login
> > program? What do I have to do to use it properly?
> > Or, is there a possibility that the OpenSSH daemon will work with PAM when
> > it's doing password authentication?
>
>The OpenSSH daemon does work with PAM. Do you have the proper configuration
>lines in your /etc/pam.conf file, though? Post the output of:
>
>    grep '^sshd' /etc/pam.conf
>
>G'luck,
>Peter
>
>--
>If there were no counterfactuals, this sentence would not have been
>paradoxical.
>
> > >From: "Brian F. Feldman" <green@freebsd.org>
> > >To: "Shila Ofek" <shila_ofek@hotmail.com>
> > >CC: security@freebsd.org
> > >Subject: Re: OpenSSH UseLogin parameter
> > >Date: Thu, 12 Jul 2001 15:59:45 -0400
> > >
> > >"Shila Ofek" <shila_ofek@hotmail.com> wrote:
> > > > Hello,
> > > > I'm trying to get an openssh daemon to work with the regular login, using
> > > > the UseLogin parameter in the daemon's configuration file.
> > > > But, it doesn't work...
> > > > Does anyone have any experience with this?
> > > >
> > > > Thanks,
> > > > Shila Ofek.
> > >
> > >Why exactly would you want to do this? If there are bugs that you know
> > >about in OpenSSH's login code, they should be reported. OpenSSH is meant to
> > >work without using login, supporting all the functionality login has. Let
> > >me know exactly what problems you're having.