FreeBSD, SSH and "Enter Authentication Response"
Matthew Seaman
matthew at cryptosphere.com
Tue Jan 13 03:56:21 PST 2004
On Mon, Jan 12, 2004 at 01:32:30PM -0800, Rishi Chopra wrote:
> I have a nitpicky question about logging into a FreeBSD machine and
> SSH. I'm using a minimal FreeBSD install and SSH Secure Shell client
> v3.2.0 - the crux of the problem is I am unable to "smoothly" login.
Which FreeBSD version? And are you running the OpenSSH server
supplied with the system or one from ports?
> When I login to my machine, I'm prompted to enter an "authentication
> response". A window is displayed with "Enter Authentication Response"
> in the title bar, and two buttons at the bottom ('OK' and 'Cancel') -
> the text says:
>
> Enter your authentication response.
> Password:
Sounds like you've got the PAM based challenge-response authentication
enabled in your /etc/ssh/sshd_config (which is the default), but
your /etc/pam.conf (FreeBSD 4.x) or /etc/pam.d (FreeBSD 5.x) has a
modified configuration.
Here are a couple of things to try --
Turn off Challenge-response authentication in /etc/ssh/sshd_config
Change:
#ChallengeResponseAuthentication yes
to
ChallengeResponseAuthentication no
and then:
# kill -HUP `cat /var/run/sshd.pid`
to get it to reread the config.
-- or --
Double check the PAM settings: they should look like this in /etc/pam.conf
# OpenSSH with PAM support requires similar modules. The session one is
# a bit strange, though...
sshd auth sufficient pam_skey.so
sshd auth sufficient pam_opie.so no_fake_prompts
#sshd auth requisite pam_opieaccess.so
#sshd auth sufficient pam_kerberosIV.so try_first_pass
#sshd auth sufficient pam_krb5.so try_first_pass
sshd auth required pam_unix.so try_first_pass
sshd account required pam_unix.so
sshd password required pam_permit.so
sshd session required pam_permit.so
The /etc/pam.d case is similar, except you should have a file called
'sshd' in that directory, whose contents are similar, but without the
'sshd' entries in the first column.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040113/7f637209/attachment.bin
More information about the freebsd-questions
mailing list