Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 13 Jan 2004 13:28:53 +0100
From:      Ruben de Groot <mail25@bzerk.org>
To:        Matthew Seaman <matthew@cryptosphere.com>, Rishi Chopra <rchopra@cal.berkeley.edu>, questions@freebsd.org
Subject:   Re: FreeBSD, SSH and "Enter Authentication Response"
Message-ID:  <20040113122853.GD57681@ei.bzerk.org>
In-Reply-To: <20040113115550.GB23956@happy-idiot-talk.infracaninophile.co.uk>
References:  <4003126E.5030107@cal.berkeley.edu> <20040113115550.GB23956@happy-idiot-talk.infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jan 13, 2004 at 11:55:50AM +0000, Matthew Seaman typed:
> On Mon, Jan 12, 2004 at 01:32:30PM -0800, Rishi Chopra wrote:
> > I have a nitpicky question about logging into a FreeBSD machine and 
> > SSH.  I'm using a minimal FreeBSD install and SSH Secure Shell client 
> > v3.2.0 - the crux of the problem is I am unable to "smoothly" login.
> 
> Which FreeBSD version?  And are you running the OpenSSH server
> supplied with the system or one from ports?

Judging by name and version number, I think he's not running OpenSSH
at all, but the other ssh implementation from ssh.org

> > When I login to my machine, I'm prompted to enter an "authentication 
> > response".  A window is displayed with "Enter Authentication Response" 
> > in the title bar, and two buttons at the bottom ('OK' and 'Cancel') - 
> > the text says:
> > 
> >   Enter your authentication response.
> >   Password:
> 
> Sounds like you've got the PAM based challenge-response authentication
> enabled in your /etc/ssh/sshd_config (which is the default), but
> your /etc/pam.conf (FreeBSD 4.x) or /etc/pam.d (FreeBSD 5.x) has a
> modified configuration.
> 
> Here are a couple of things to try --
> 
> Turn off Challenge-response authentication in /etc/ssh/sshd_config 
> 
> Change:
> 
>     #ChallengeResponseAuthentication yes
> 
> to
> 
>     ChallengeResponseAuthentication no
> 
> and then:
> 
>     # kill -HUP `cat /var/run/sshd.pid`
> 
> to get it to reread the config.
> 
>  -- or --
> 
> Double check the PAM settings: they should look like this in /etc/pam.conf
> 
>     # OpenSSH with PAM support requires similar modules.  The session one is
>     # a bit strange, though...
>     sshd    auth    sufficient      pam_skey.so
>     sshd    auth    sufficient      pam_opie.so                     no_fake_prompts
>     #sshd   auth    requisite       pam_opieaccess.so
>     #sshd   auth    sufficient      pam_kerberosIV.so               try_first_pass
>     #sshd   auth    sufficient      pam_krb5.so                     try_first_pass
>     sshd    auth    required        pam_unix.so                     try_first_pass
>     sshd    account required        pam_unix.so
>     sshd    password required       pam_permit.so
>     sshd    session required        pam_permit.so
> 
> The /etc/pam.d case is similar, except you should have a file called
> 'sshd' in that directory, whose contents are similar, but without the
> 'sshd' entries in the first column.
> 
> 	Cheers,
> 
> 	Matthew
> 
> 
> -- 
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040113122853.GD57681>