Bug in CURRENT OpenSSL/sshd?
Jon Noack
noackjr at alumni.rice.edu
Sat May 15 15:20:00 PDT 2004
Forrest Aldrich wrote:
> I use SecureCRT from Windows/XP to connect to my various FreeBSD servers.
>
> When I updated (twice installed to verify) from FreeBSD-5.2.1 to
> FreeBSD-CURRENT, I'm no longer able to log in via SecureCRT. The error
> indicates there are no authentication methods.
>
> I've changed my config in SecureCRT to "Keyboard Interactive" which
> works fine. This is not a bug with SecureCRT, it is on the sshd side.
>
> I tried uncommenting PasswordAuthentication in /etc/ssh/sshd_config and
> that didn't make a difference.
>
> Wondering if anyone else has seen this problem, as I'd like to narrow
> this down and get it fixed.
For what it is worth, Keyboard-Interactive is the better choice. You
must have missed this when you read UPDATING (you did read UPDATING,
didn't you? ;-):
20040226:
Some sshd configuration defaults have changed: protocol version 1
is no longer enabled by default, and password authentication is
disabled by default if PAM is enabled (which it is by default).
OpenSSH clients should not be affected by this; other clients may
have to be reconfigured, upgraded or replaced.
Uncommenting PasswordAuthentication should restore the previous behavior
(although the email from des@ said to uncomment protocol version 1 as
well). Did you restart sshd before testing? You might try an 'ssh -v
hostname' with an OpenSSH client to be sure it is picking up the option.
Look for a line like the following:
debug: Authentications that can continue: publickey,keyboard-interactive
With PasswordAuthentication you should also see "password" in there.
Jon Noack
More information about the freebsd-current
mailing list