Matthew: Your suggestion worked beautifully. Changing /etc/ssh/sshd_config solved my "confirmation login" problem quite nicely. Just to confirm, I am running the version of SSH that comes standard with FreeBSD 5.1-RELEASE.
-- Rishi Chopra http://www.ocf.berkeley.edu/~rchopra
Matthew Seaman wrote:
On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra wrote:
I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh - I'm running a default minimal installation of FreeBSD 5.2:
etc/ssh/ssh_config:
Um... /etc/ssh/sshd_config is more to the point -- ssh_config is for the client side, ssh*d*_config is for the server side.
However if you've just installed the system then chances are the sshd_config is unmodified from the default settings.
Try turning off the challenge-response stuff as I suggested in my earlier e-mail. ie. make it so that sshd_config contains:
ChallengeResponseAuthentication no
/etc/pam.d/ssh
That looks fine.
Hmmm... This does look like a peculiar interaction of your particular SSH client software and the OpenSSH server code on FreeBSD.
Normally I'd suggest running the client side connection with debugging turned up high, eg:
% ssh -v -v -v host.example.com
but I don't know what the equivalent of that is for the client software you're using.
A very good diagnostic test though is to run the server side with the debugging turned up. A good trick is to run it on an alternative port so you can run it in parallel with your regular sshd. eg:
# sshd -d -d -d -p 24
You can then connect to the alternate port by:
% ssh host.example.com:24
This will produce quite a lot of output, and exit after the ssh session. By comparing this output to the equivalent output from a machine where you don't have the problem you should be able to tell what the FreeBSD box is doing differently, and maybe work out how to fix it. Be aware that the full debug output from sshd should not be published as it can contain privileged information.
Cheers,
Matthew
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"