keyboard-interactive vs. password authentication. They may "feel" the
same but they're not. I'd check which is going on, and maybe try
configuring the server for the other.
On Mon, Oct 26, 2015 at 4:12 PM, Martin T <m4rtn...@gmail.com> wrote:
> Stacy,
>
> I configured SSH server(OpenSSH) to log both the user name and
> password for all the successful and unsuccessful authorization
> attempts and turned out, that Juniper router sends an empty string as
> a password. I guess Junos uses FreeBSD scp utility for configuration
> archival if following configuration is used:
>
> configuration {
> transfer-on-commit;
> archive-sites {
> "scp://juniper@backupserver:/home/juniper/configbackups"
> password "$9$2joDkf5F9tOik0IhcMWGDjq5Q"; ## SECRET-DATA
> }
> }
>
>
> If yes, then Junos probably provides an empty password string to scp.
> Underlying XML also holds the correct obfuscated password, i.e. as far
> as I can tell, the password in configuration is correct. I also tried
> with other passwords, but the router still sends an empty string. How
> to troubleshoot this further? Has anyone seen such behavior(possibly a
> bug) before?
>
>
> thanks,
> Martin
>
> On Wed, Oct 21, 2015 at 7:39 PM, Stacy W. Smith <st...@acm.org> wrote:
>>
>>> On Oct 21, 2015, at 10:16 AM, Martin T <m4rtn...@gmail.com> wrote:
>>>
>>> SSH server log tells that "error: PAM: Authentication failure for juniper
>>> from r1".
>>
>>> What might cause this?
>>
>> Assuming the Junos version has not changed on the router, have there been
>> any changes to the SSH server, or the OS, on backupserver (potentially
>> including "security patches")?
>>
>> Assuming OpenSSH, you may want to "man sshd_config" and look into the
>> various <Method>Authentication settings as well as the UsePAM. I suspect
>> some recent upgrade may have changed the default value of some of these
>> settings.
>>
>> I would normally suggest changing the client's config to interoperate with
>> the server, but since that's not easy to do on a Junos device, you might
>> look at changing the server config.
>>
>> --Stacy
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
