Why does SSH prompt for 2 passwords?

Gary D Kline kline at thought.org
Fri Apr 18 10:13:24 PDT 2003

On Fri, Apr 18, 2003 at 03:02:23PM +0200, Willie Viljoen wrote:
> On Friday 18 April 2003 0:48, someone, possibly Joe Lewis, typed:
> > Password:
> > Response:
> > joe at's password:
> The first prompt is PAM challenge response authentication. This uses the PAM 
> system instead of a just a flat read of /etc/master.passwd to authenticate, 
> and is also more secure than standard plaintext authentication.
> Unless your sshd is misconfigured, your configuration files and binaries are 
> out of sync (this happend when a system is upgraded without doing 
> mergemaster), this should not be happening, and you should be able to log 
> in at the first prompt. It might also be that the ssh client you are using 
> does not handle challenge response authentication properly.
> If you are happy with standard plaintext configuration, you may edit 
> /etc/ssh/sshd_config and change the setting to this:
> # Change to no to disable PAM authentication
> ChallengeResponseAuthentication no
> I'd recommend you rather get PAM fixed though, or use public key 
> authentication instead, that's much more secure than any form of password 
> authentication.

	I've bumped into this ssh problem myself when I try to reach
	sites outside my LAN, and it probably is a PAM authentication
	on my DNS server.   I've got to check that I mermastered the 
	4.8 pam file, but if that doesn't resolve this, can you tell 
	me how else to fix the problem?



   Gary Kline     kline at thought.org   www.thought.org     Public service Unix

More information about the freebsd-questions mailing list