Date: Tue, 13 Jan 2004 11:55:50 +0000 From: Matthew Seaman <matthew@cryptosphere.com> To: Rishi Chopra <rchopra@cal.berkeley.edu> Cc: questions@freebsd.org Subject: Re: FreeBSD, SSH and "Enter Authentication Response" Message-ID: <20040113115550.GB23956@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <4003126E.5030107@cal.berkeley.edu> References: <4003126E.5030107@cal.berkeley.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZfOjI3PrQbgiZnxM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Jan 12, 2004 at 01:32:30PM -0800, Rishi Chopra wrote:
> I have a nitpicky question about logging into a FreeBSD machine and=20
> SSH. I'm using a minimal FreeBSD install and SSH Secure Shell client=20
> v3.2.0 - the crux of the problem is I am unable to "smoothly" login.
Which FreeBSD version? And are you running the OpenSSH server
supplied with the system or one from ports?
> When I login to my machine, I'm prompted to enter an "authentication=20
> response". A window is displayed with "Enter Authentication Response"=20
> in the title bar, and two buttons at the bottom ('OK' and 'Cancel') -=20
> the text says:
>=20
> Enter your authentication response.
> Password:
Sounds like you've got the PAM based challenge-response authentication
enabled in your /etc/ssh/sshd_config (which is the default), but
your /etc/pam.conf (FreeBSD 4.x) or /etc/pam.d (FreeBSD 5.x) has a
modified configuration.
Here are a couple of things to try --
Turn off Challenge-response authentication in /etc/ssh/sshd_config=20
Change:
#ChallengeResponseAuthentication yes
to
ChallengeResponseAuthentication no
and then:
# kill -HUP `cat /var/run/sshd.pid`
to get it to reread the config.
-- or --
Double check the PAM settings: they should look like this in /etc/pam.conf
# OpenSSH with PAM support requires similar modules. The session one is
# a bit strange, though...
sshd auth sufficient pam_skey.so
sshd auth sufficient pam_opie.so no_fake=
_prompts
#sshd auth requisite pam_opieaccess.so
#sshd auth sufficient pam_kerberosIV.so try_fir=
st_pass
#sshd auth sufficient pam_krb5.so try_fir=
st_pass
sshd auth required pam_unix.so try_fir=
st_pass
sshd account required pam_unix.so
sshd password required pam_permit.so
sshd session required pam_permit.so
The /etc/pam.d case is similar, except you should have a file called
'sshd' in that directory, whose contents are similar, but without the
'sshd' entries in the first column.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--ZfOjI3PrQbgiZnxM
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAA9zGdtESqEQa7a0RAo/gAJ4ym4hYGJY0JvzxbBbiEjbFYt1mkQCfY/TC
AE2cAnC54HtgoButEg+flx4=
=dvcn
-----END PGP SIGNATURE-----
--ZfOjI3PrQbgiZnxM--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040113115550.GB23956>