On Thursdayen den 1 August 2002 13.59, Borsenkow Andrej wrote: > > On Thursdayen den 1 August 2002 13.02, Borsenkow Andrej wrote: > > > > On Thursdayen den 1 August 2002 10.03, Borsenkow Andrej wrote: > > > > > 20020426 > > > > > - (djm) Disable PAM password expiry until a complete fix for > > bug > > > > #188 > > > > > > > > exists > > > > > > > > > > disable where? > > > > > > > > Disable privsep is another way to do it. > > > > > > that means that sshd in default installation has large bug. If > > privsep > > > > results in complete user lockout, then _PLEASE_ disable it by > > default. > > > True, and this has been discussed earlier IIRC. > > Unfortunately disabling privsep still does not wotk. Now it fails > differently but still fails, at lest when using the same openssh client > version. May be there is something else that must be changed?
Hmmm, I thought this was only a server side thing... Does your sshd_config look like this "UsePrivilegeSeparation no" on the server, and (silly question) have you restarted the sshd (stop|start)?. > bor@cooker% ssh iap-pxy-mow1 > Enter passphrase for key '/home/bor/.ssh/id_rsa': > Enter passphrase for key '/home/bor/.ssh/id_dsa': > bor@iap-pxy-mow1's password: > Permission denied, please try again. > bor@iap-pxy-mow1's password: > Received disconnect from x.x.x.x: 2: Too many authentication failures > for bor ssh -vvv is your friend. I think an ssh key login will override this, have you tried this? >From what I know it doesn't help to pass any privsep stuff using the client. Well..., I don't know much about this other than one must keep away from passwd aging (or privsep) until the ssh pam bug is fixed. Sorry... -- Regards // Oden Eriksson Deserve-IT Networks -> http://d-srv.com
