Thanks to all who have patiently answered my previous questions. I've got another one.
I'm using 5.2.1. My logs show attempts to break into my system via ssh, telnet, and ftp (I use strong passwords, thankfully, and no common user accounts like admin, guest, and so on) and so I'm trying to tighten security. I have run into a problem, however - I've set things up so only two accounts can connect via ssh (telnet disabled outside the local net) and I've started using opie. However, ssh will not recognize and use opie. Local telnet does, as does ftpd, but not sshd. The list archives has a thread that deals with the reverse problem (i.e. sshd prompting for challenge response and not using passwords), but that hasn't been any help here.
I've included sshd_config and /etc/pam.d/sshd. I've left out all commented out lines for brevity.
From /etc/sshd_config: -----------------------------------------
AuthorizedKeysFile .ssh/authorized_keys (Not sure how this got uncommented)
AllowGroups grp1
PasswordAuthentication no
ChallengeResponseAuthentication yes
Subsystem sftp /usr/libexec/sftp-server
...... All other items commented out =========================================
From /etc/pam.d/sshd: --------------------------------------------------
# auth
auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local
# account account required pam_login_access.so account required pam_unix.so
# session session required pam_permit.so
# password #password sufficient pam_krb5.so no_warn try_first_pass #password required pam_unix.so no_warn try_first_pass
=======================================
If I read the handbook on SSH and the paper on PAM correctly, this should be working.
Anyone have any idea why it might not be? What have I managed to screw up this time?
thanx Gene
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
