Date: Wed, 28 Jun 2000 00:52:13 -0700 From: "Craig Critchley" <cac@fuzzer.com> To: "Jon" <jon@state.net>, <freebsd-questions@FreeBSD.ORG> Subject: Re: OpenSSH 3.4-R: Can't log in from remote ssh client Message-ID: <05f101bfe0d5$c5acb830$0201010a@craigc> References: <39593C7C.9B06B019@state.net>
next in thread | previous in thread | raw e-mail | index | archive | help
From: "Jon" <jon@state.net>
> I've d/l'd openssh-2.1.1p1 from ftp.openbsd.org today, and was trying to
> install it on the system described above. I need ssh2 compatibility,
...
> from a remote client that is running all the same versions of programs
> above (on a Solaris 7.7 box), I get a login prompt, but if I try logging
> in using my user account or root, I get denied...
>
> root@jenny's password:
> Permission denied, please try again.
>
> If I ssh from the FreeBSD box to the Solaris box, everything works. It
> seems that the FreeBSD box isn't processing the password or the login
> correctly. Can anyone offer me some advise or help on this?
>
I had the same problem installing openssh on a 3.2-release machine.
First, look at /var/log/messages to see if sshd is complaining about
anything. One thing to check is that openssh on freebsd defaults to using
pam ("pluggable authentication modules") so you need to make sure you add
the sshd entries in pam.conf (or /etc/pam.d/sshd depending on how you want
to organize things). This is in openssh's INSTALL file so you may have
already done that, however, INSTALL doesn't mention there's a sample file in
contrib/sshd.pam.freebsd (in the openssh sources).
Or, you can build openssh without pam support with a configure
switch, --without-pam.
In my case, I also had a problem with the required PAM module, pam_unix.so,
because the crypt() function was undefined. I tried rebuilding without pam,
but got a link error on crypt(). I then added -lcrypt (to get libcrypt.a
linked into sshd) to the makefile, still building --without-pam. This seems
to have fixed the problem; at least, sshd is working and I can log in
remotely.
I am not a freebsd development expert, and definitely not an openssh/openssl
expert, and i suspect what i did was wrong (it certainly seems like a hack).
if what I described rings any bells with any experts, I'd like to know what
I should have really done. at the very least, I'd like to know that I
haven't just opened a gaping hole on the machine...
As for installing from the ports collection, I'm afraid I broke the ports
tree on this machine and have been too lazy to fix it, especially as the fix
is probably to just upgrade to the latest rev... so far openssh is the only
software I've had any trouble with installing manually...
...Craig
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?05f101bfe0d5$c5acb830$0201010a>