From owner-freebsd-questions@FreeBSD.ORG Tue Jan 13 04:27:17 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AB3C316A4CE for ; Tue, 13 Jan 2004 04:27:17 -0800 (PST) Received: from ei.bzerk.org (ei.xs4all.nl [213.84.67.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E9CF43D53 for ; Tue, 13 Jan 2004 04:27:15 -0800 (PST) (envelope-from mail25@bzerk.org) Received: from ei.bzerk.org (BOFH@localhost [127.0.0.1]) by ei.bzerk.org (8.12.10/8.12.10) with ESMTP id i0DCSro9058788; Tue, 13 Jan 2004 13:28:53 +0100 (CET) (envelope-from mail25@bzerk.org) Received: (from bulk@localhost) by ei.bzerk.org (8.12.10/8.12.10/Submit) id i0DCSrDk058787; Tue, 13 Jan 2004 13:28:53 +0100 (CET) (envelope-from mail25@bzerk.org) X-Authentication-Warning: ei.bzerk.org: bulk set sender to mail25@bzerk.org using -f Date: Tue, 13 Jan 2004 13:28:53 +0100 From: Ruben de Groot To: Matthew Seaman , Rishi Chopra , questions@freebsd.org Message-ID: <20040113122853.GD57681@ei.bzerk.org> References: <4003126E.5030107@cal.berkeley.edu> <20040113115550.GB23956@happy-idiot-talk.infracaninophile.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040113115550.GB23956@happy-idiot-talk.infracaninophile.co.uk> User-Agent: Mutt/1.4.1i Subject: Re: FreeBSD, SSH and "Enter Authentication Response" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Jan 2004 12:27:17 -0000 On Tue, Jan 13, 2004 at 11:55:50AM +0000, Matthew Seaman typed: > On Mon, Jan 12, 2004 at 01:32:30PM -0800, Rishi Chopra wrote: > > I have a nitpicky question about logging into a FreeBSD machine and > > SSH. I'm using a minimal FreeBSD install and SSH Secure Shell client > > v3.2.0 - the crux of the problem is I am unable to "smoothly" login. > > Which FreeBSD version? And are you running the OpenSSH server > supplied with the system or one from ports? Judging by name and version number, I think he's not running OpenSSH at all, but the other ssh implementation from ssh.org > > When I login to my machine, I'm prompted to enter an "authentication > > response". A window is displayed with "Enter Authentication Response" > > in the title bar, and two buttons at the bottom ('OK' and 'Cancel') - > > the text says: > > > > Enter your authentication response. > > Password: > > Sounds like you've got the PAM based challenge-response authentication > enabled in your /etc/ssh/sshd_config (which is the default), but > your /etc/pam.conf (FreeBSD 4.x) or /etc/pam.d (FreeBSD 5.x) has a > modified configuration. > > Here are a couple of things to try -- > > Turn off Challenge-response authentication in /etc/ssh/sshd_config > > Change: > > #ChallengeResponseAuthentication yes > > to > > ChallengeResponseAuthentication no > > and then: > > # kill -HUP `cat /var/run/sshd.pid` > > to get it to reread the config. > > -- or -- > > Double check the PAM settings: they should look like this in /etc/pam.conf > > # OpenSSH with PAM support requires similar modules. The session one is > # a bit strange, though... > sshd auth sufficient pam_skey.so > sshd auth sufficient pam_opie.so no_fake_prompts > #sshd auth requisite pam_opieaccess.so > #sshd auth sufficient pam_kerberosIV.so try_first_pass > #sshd auth sufficient pam_krb5.so try_first_pass > sshd auth required pam_unix.so try_first_pass > sshd account required pam_unix.so > sshd password required pam_permit.so > sshd session required pam_permit.so > > The /etc/pam.d case is similar, except you should have a file called > 'sshd' in that directory, whose contents are similar, but without the > 'sshd' entries in the first column. > > Cheers, > > Matthew > > > -- > Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks > Savill Way > PGP: http://www.infracaninophile.co.uk/pgpkey Marlow > Tel: +44 1628 476614 Bucks., SL7 1TH UK