Re: Help please: how to enable SSH password authentication under FreeBSD 6.2?

2007-02-12 Thread Greg 'groggy' Lehey
On Monday, 12 February 2007 at 13:29:22 +0100, Olaf Greve wrote:
On Monday, 12 February 2007 at 14:54:26 +0100, Olaf Greve wrote:
On Monday, 12 February 2007 at 15:44:42 +0100, Olaf Greve wrote:
> Hi guys,
>
> (Firstly: I posted this message well over an hour ago, and it does not
> seem to have come through, in case you receive this twice, then I'm
> sorry for that :P )

Three times.

Once a week there's a regular posting on this list "How to ask
questions".  To quote:

  8.  If you don't get an answer immediately, or if you don't even see
  your own message appear on the list immediately, don't resend
  the message.  Wait at least 24 hours.  The FreeBSD mailer
  offloads messages to a number of subordinate mailers around the
  world, and sometimes it can take several hours for the mail to
  get through.  And once it gets through, the one person who might
  know the answer will probably just have gone to bed in his part
  of the world.

I know this message has been unchanged for years, and that most people
(myself included) normally delete it unread.  But from time to time
it's worth reminding yourself.

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply or reply to the original recipients.
For more information, see http://www.lemis.com/questions.html
See complete headers for address and phone numbers.




Re: Help please: how to enable SSH password authentication under FreeBSD 6.2?

2007-02-12 Thread Olaf Greve

Hi Garrett,

Firstly: thanks for your reply!

> Just looking at your config everything appears to be fine. If you don't
> have PAM enabled or don't want it enabled though you should uncomment
> this line in your config:
>
> # Change to no to disable PAM authentication
> ChallengeResponseAuthentication no


Hmmm, I shall try that, and I am wondering now whether PAM is or isn't 
enabled. I basically just installed FreeBSD, choosing the 'all' option 
when it asked for what to include in the installation. As for packages, 
I only selected cvs-without-gui, and then went ahead with the 
installation (I chose not to enable SSH through inetd, but I did enable 
it through the explicit question whether I wanted or not to do so). 
Now... Does this method perhaps not enable PAM yet?


As for the previous installation: I clearly recall having had a similar 
(or the very same) issue too, but I just don't remember how I ended up 
solving it (this was over 1,5 years ago, and I didn't take notes :o ). 
Come to think of it, I'm not certain anymore now whether this problem 
(and its solution) surfaced when first configuring SSHD (as I think was 
the case), or when setting up rsync synchronisation between the two 
machines.


Key question here: if the above steps do not already implicitly enable 
PAM, how can I do so myself? Is this done in the kernel, by changing the 
config and recompiling and installing it, or can this be done somehow 
through rc.conf (or by enabling/installing/configuring it otherwise)?


Then regarding your further questions:


> 1) Did you restart your daemon?


Yes, by doing a "kill -s HUP " (not by doing an 
"/etc/rc.d/sshd restart" or so). I did check the SSHD process id 
afterwards, and indeed that was restarted.



> 2) Are you using the ssh available in the base system or ports?


The base system one. I did already update the ports tree (with the 
ports-supfile set to all ports), but I haven't rebuilt sshd. Do you 
think this could make the difference?


Thanks again, I hope this further information (and questions) helps for 
determining the cause...


Cheers,
Olafo
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Help please: how to enable SSH password authentication under FreeBSD 6.2?

2007-02-12 Thread Garrett Cooper

Olaf Greve wrote:

> Hi guys,
>
> (Firstly: I posted this message well over an hour ago, and it does not
> seem to have come through, in case you receive this twice, then I'm
> sorry for that :P )
>
> Sorry to ask such a trivial question, and I'm positive it must have been
> treated here before, but I just can't remember how to do it exactly, and
> perhaps someone can give me a quick answer and spare me hours of further
> RTFM-ing. :P
>
> The issue:
> I'm (re-) installing my fall-back server, and selected FreeBSD 6.2 i386
> release (generic kernel, for now) for that. Now, I want to be able to
> access it using SSH (PuTTY, most often) from anywhere in the world, and
> hence would like to enable password authentication in SSH again.
> Therefore, I used the same /etc/ssh/sshd_config (as listed down below,
> with dummy names abc, def, and ghi in the AllowUsers line) as on my live
> server, where this works fine. However, when I try accessing it using
> PuTTY, PuTTY keeps failing mentioning something like 'host key check
> failed'. In the debug.log file on the fallback machine, I learnt that
> PuTTY only tries the SSH2 protocol, and doesn't fall back to SSH1 when
> it notices that that fails. On the live server (FreeBSD 5.4-release
> AMD64, custom kernel), this works a charm, and on that machine the
> debug.log file does mention PuTTY (yes, the very same as used for trying
> to connect to the fallback machine) that PuTTY falls back to SSH1 and
> uses PAM for authentication...
>
> The question:
> I recall having had this issue before, and I *think* the resolution was
> to enable PAM authentication or so outside of /etc/ssh/sshd_config. I
> thought to recall that I either did this in rc.conf (or the defaults for
> that), or in the custom kernel configuration. However, I couldn't find
> any hints to that anymore on the live box...:(
> Does anyone know how to get this going properly, and what it is that I'm
> overlooking?
>
> Tnx in advance and cheers!
> Olafo
>
> PS: the used /etc/ssh/sshd_config file's contents follows here:




Just looking at your config everything appears to be fine. If you don't 
have PAM enabled or don't want it enabled though you should uncomment 
this line in your config:


# Change to no to disable PAM authentication
ChallengeResponseAuthentication no

1) Did you restart your daemon?
2) Are you using the ssh available in the base system or ports?

Cheers,
-Garrett
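
An added example, not part of any message in this thread: a small shell audit that shows which authentication keywords in an sshd_config-style file are actually set, given that a line starting with `#` is only a comment and sshd uses the first value it reads for a keyword. The function names `effective_value`, `audit_auth` and `make_sample` are hypothetical, and the sample file is constructed here; it is not the poster's configuration.

```shell
#!/bin/sh
# effective_value FILE KEYWORD
# Prints the first uncommented global value for KEYWORD (keywords are
# case-insensitive), or "unset" when the keyword is absent or only commented
# out, in which case sshd's built-in default applies.
# Assumes the plain "Keyword value" form separated by whitespace.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }          # Match blocks are conditional, stop at the first
        tolower($1) == want { print tolower($2); found = 1; exit }   # first value wins
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_auth FILE: one line per keyword discussed in the thread.
audit_auth() {
    for kw in Protocol UsePAM PasswordAuthentication ChallengeResponseAuthentication; do
        printf '%-32s %s\n' "$kw" "$(effective_value "$1" "$kw")"
    done
}

# make_sample FILE: writes a constructed sample config for the demonstration.
make_sample() {
    cat > "$1" <<'EOF'
# Constructed sample, not the poster's file
Protocol 2
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication no
PasswordAuthentication yes
AllowUsers abc def ghi
Match User ghi
    PasswordAuthentication no
EOF
}

sample=$(mktemp)
make_sample "$sample"
audit_auth "$sample"
rm -f "$sample"
```

A keyword reported as `unset` is the case Garrett's advice addresses: the `ChallengeResponseAuthentication no` line has no effect until the leading `#` is removed and sshd is restarted.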