To quote Ringo Starr à la The Simpsons, "Please forgive the lateness of my reply".

Matthew: Your suggestion worked beautifully. Changing /etc/ssh/sshd_config solved my "confirmation login" problem quite nicely. Just to confirm, I am running the version of SSH that comes standard with FreeBSD 5.1-RELEASE.

--
Rishi Chopra
http://www.ocf.berkeley.edu/~rchopra


Matthew Seaman wrote:
On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra wrote:

I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh - I'm running a default minimal installation of FreeBSD 5.2:



/etc/ssh/ssh_config:


Um... /etc/ssh/sshd_config is more to the point -- ssh_config is for
the client side, ssh*d*_config is for the server side.

However if you've just installed the system then chances are the
sshd_config is unmodified from the default settings.

Try turning off the challenge-response stuff as I suggested in my
earlier e-mail. ie. make it so that sshd_config contains:

ChallengeResponseAuthentication no


/etc/pam.d/ssh


That looks fine.

Hmmm... This does look like a peculiar interaction of your particular
SSH client software and the OpenSSH server code on FreeBSD.

Normally I'd suggest running the client side connection with debugging
turned up high, eg:

% ssh -v -v -v host.example.com

but I don't know what the equivalent of that is for the client
software you're using.

A very good diagnostic test though is to run the server side with the
debugging turned up.  A good trick is to run it on an alternative port
so you can run it in parallel with your regular sshd. eg:

# sshd -d -d -d -p 24

You can then connect to the alternate port by:

% ssh -p 24 host.example.com

This will produce quite a lot of output, and exit after the ssh
session.  By comparing this output to the equivalent output from a
machine where you don't have the problem you should be able to tell
what the FreeBSD box is doing differently, and maybe work out how to
fix it.  Be aware that the full debug output from sshd should not be
published as it can contain privileged information.

Cheers,

Matthew

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
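
Added example, not part of the original thread: a way to confirm which `ChallengeResponseAuthentication` value the server-side file actually yields, since sshd uses the first value it reads for a keyword and treats keywords case-insensitively. The function names `sshd_option` and `write_sample` and the sample file contents are constructed for illustration; stopping at a `Match` line goes slightly beyond what the thread discusses.

```shell
#!/bin/sh
# sshd_option FILE KEYWORD  (hypothetical helper name)
# Prints the global value sshd would use for KEYWORD and returns 0,
# or returns 1 if the keyword is not set in the global section.
sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); rc = 1 }
        /^[ \t]*#/ { next }                 # comment line
        /^[ \t]*$/ { next }                 # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)       # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit        # conditional blocks follow; stop
            if (key == want) { print val; rc = 0; exit }   # first value wins
        }
        END { exit rc }
    ' "$1"
}

# Constructed sample: a commented-out default, the fix from the thread,
# a later duplicate that sshd ignores, and a conditional block.
write_sample() {
    cat > "$1" <<'EOF'
#ChallengeResponseAuthentication yes
Port 22
challengeresponseauthentication no
ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
}
```

Run `sshd_option /etc/ssh/sshd_config ChallengeResponseAuthentication` on the server; a non-zero exit status means the keyword is not set globally and the compiled-in default applies.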
