Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 13 Feb 2007 14:31:54 +0100
From:      Olaf Greve <o.greve@axis.nl>
To:        freebsd-questions@freebsd.org
Subject:   Re: [SOLVED] Help please: how to enable SSH password authentication under FreeBSD 6.2? Solved - but not in an expected way
Message-ID:  <45D1BDCA.8050709@axis.nl>
In-Reply-To: <8930024.post@talk.nabble.com>
References:  <45D07D5A.2040307@axis.nl> <8930024.post@talk.nabble.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi all,

To cut to the chase, I 'solved' the issue, or rather, the mystery around 
it at least, but the 'solution' was not quite as expected.

I tried both suggestions given.

Firstly:

> It rather looks like putty is checking the server key with the older one
> (you mentioned you reinstalled the box).

Well... Yes and no.
Yes: the box was 'reinstalled', but completely cleanly, with a newer 
FreeBSD version (i.e. 6.2 vs. 5.3), and using a completely different IP 
address. Given those parameters, it's better to call it a clean install. :P

Also, PuTTY never got to the stage where it infomrmed me that a new host 
was found and if I wanted to store the fingerprint. Instead, it directly 
bailed out with a message like 'Host key not found' (or something like 
that).

> try to delete the know_host entry in the register database (look for the
> entry start->run->regedit then look for the "SshHostKeys" entry and delete
> the old key).
> 
> This should fix your pb ;)

I did so anyway and it didn't seem to make a difference. I kept getting 
the same error.

Then I tried the other suggestion:

 ># Change to no to disable PAM authentication
 >ChallengeResponseAuthentication no

I did that (trying setting it to 'yes' as well as 'no') and this too, 
did not seem to make a difference.

Nowwww, normally PuTTY gives me the 'host key' error some 3 times or so 
before properly finding any host, so I'm used to that. On the new box, I 
tried it easily 15 times in a row before posing the question yesterday.

Today I gave it a longer pounding, and lo and behold: all of a sudden 
after some 30 attempts it worked! Then, I tried switching the 
ChallengeResponseAuthentication to the opposite value it was set at, 
gave it again a pouding of around 20 attempts, and again 1 succeeded. I 
tried reproducing my 'luck', but some 40 further attempts all yielded no 
score.

It then dawned on me that it might be simply PuTTY that is causing the 
errors, and indeed, I tried Tunnelier and it works a charm (with and 
without PAM), and during all atempts I made, it directly logged in 
without any issues.

Conclusion (or assumption, if you will): there seem to be some major 
incompatibility issues between PuTTY and FreeBSD 6.2's bundled SSH version.

Of course it is easy enough to use a different client at home, it's just 
that when abroad and wanting to check the machine, it is handy to 
quickly download PuTTY.exe and have a quick check without having to 
install a complete program...

Oh well, at least it works now, and I know the box was (and still is) 
configured correctly, and I have found a good work-around (i.e. using a 
better SSH client than PuTTY).

Cheers, and thanks for baring with me,
Olafo



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45D1BDCA.8050709>