I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh - I'm running a default minimal installation of FreeBSD 5.2:

etc/ssh/ssh_config:

# $FreeBSD: src/crypto/openssh/ssh_config,v 1.21 2003/04/23 17:10:53 des Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP no
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
# VersionAddendum FreeBSD-20030423



/etc/pam.d/ssh


#
# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
#
# PAM configuration for the "sshd" service
#

# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass


# account
#account        required        pam_krb5.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        pam_permit.so

# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass



Any ideas what I should change?


-Rishi

Ruben de Groot wrote:

On Tue, Jan 13, 2004 at 11:55:50AM +0000, Matthew Seaman typed:


On Mon, Jan 12, 2004 at 01:32:30PM -0800, Rishi Chopra wrote:


I have a nitpicky question about logging into a FreeBSD machine and SSH. I'm using a minimal FreeBSD install and SSH Secure Shell client v3.2.0 - the crux of the problem is I am unable to "smoothly" login.


Which FreeBSD version? And are you running the OpenSSH server
supplied with the system or one from ports?



Judging by name and version number, I think he's not running OpenSSH at all, but the other ssh implementation from ssh.org



When I login to my machine, I'm prompted to enter an "authentication response". A window is displayed with "Enter Authentication Response" in the title bar, and two buttons at the bottom ('OK' and 'Cancel') - the text says:

Enter your authentication response.
Password:


Sounds like you've got the PAM based challenge-response authentication
enabled in your /etc/ssh/sshd_config (which is the default), but
your /etc/pam.conf (FreeBSD 4.x) or /etc/pam.d (FreeBSD 5.x) has a
modified configuration.

Here are a couple of things to try --

Turn off Challenge-response authentication in /etc/ssh/sshd_config

Change:

#ChallengeResponseAuthentication yes

to

ChallengeResponseAuthentication no

and then:

# kill -HUP `cat /var/run/sshd.pid`

to get it to reread the config.

-- or --

Double check the PAM settings: they should look like this in /etc/pam.conf

   # OpenSSH with PAM support requires similar modules.  The session one is
   # a bit strange, though...
   sshd    auth    sufficient      pam_skey.so
   sshd    auth    sufficient      pam_opie.so                     no_fake_prompts
   #sshd   auth    requisite       pam_opieaccess.so
   #sshd   auth    sufficient      pam_kerberosIV.so               try_first_pass
   #sshd   auth    sufficient      pam_krb5.so                     try_first_pass
   sshd    auth    required        pam_unix.so                     try_first_pass
   sshd    account required        pam_unix.so
   sshd    password required       pam_permit.so
   sshd    session required        pam_permit.so

The /etc/pam.d case is similar, except you should have a file called
'sshd' in that directory, whose contents are similar, but without the
'sshd' entries in the first column.

Cheers,

Matthew


--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK








_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to