https://bugzilla.mindrot.org/show_bug.cgi?id=1904
--- Comment #2 from mathew <[email protected]> 2011-06-25 06:23:07 EST --- Just checked using Debian 6.0 and default setup, which does have PAM enabled. Created a new blank account, checked that certificate-based authentication worked, and then expired the password and tried to run an rsync session: $ rsync -av -e 'ssh -l sshtest' haddock.txt castor.local:. WARNING: Your password has expired. Password change required but no TTY available. rsync: connection unexpectedly closed (0 bytes received so far) [sender] rsync error: error in rsync protocol data stream (code 12) at io.c(601) [sender=3.0.7] >From the logs, it looks as if pam_unix is always activated by sshd, even if Unix password authentication is not being used: <38>1 2011-06-24T15:09:23.691311-05:00 castor sshd 25622 - - Accepted publickey for sshtest from 10.0.1.200 port 45366 ssh2 <86>1 2011-06-24T15:09:23.692556-05:00 castor sshd 25622 - - pam_unix(sshd:session): session opened for user sshtest by (uid=0) pam.d/sshd loads directives from common-password common-account common-session and common-auth, so I grepped for pam_unix: common-password:password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 common-account:account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so common-session:session required pam_unix.so common-auth:auth [success=1 default=ignore] pam_unix.so nullok_secure I tried changing common-session to say 'sufficient pam_unix.so' instead of required, restarted sshd, but it didn't seem to make any difference. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
