Why does SSH prompt for 2 passwords?
Gary D Kline
kline at thought.org
Fri Apr 18 10:13:24 PDT 2003
On Fri, Apr 18, 2003 at 03:02:23PM +0200, Willie Viljoen wrote:
> On Friday 18 April 2003 0:48, someone, possibly Joe Lewis, typed:
>
> > Password:
> > Response:
> > joe at 192.168.1.1's password:
>
> The first prompt is PAM challenge response authentication. This uses the PAM
> system instead of a just a flat read of /etc/master.passwd to authenticate,
> and is also more secure than standard plaintext authentication.
>
> Unless your sshd is misconfigured, your configuration files and binaries are
> out of sync (this happend when a system is upgraded without doing
> mergemaster), this should not be happening, and you should be able to log
> in at the first prompt. It might also be that the ssh client you are using
> does not handle challenge response authentication properly.
>
> If you are happy with standard plaintext configuration, you may edit
> /etc/ssh/sshd_config and change the setting to this:
>
> # Change to no to disable PAM authentication
> ChallengeResponseAuthentication no
>
> I'd recommend you rather get PAM fixed though, or use public key
> authentication instead, that's much more secure than any form of password
> authentication.
>
I've bumped into this ssh problem myself when I try to reach
sites outside my LAN, and it probably is a PAM authentication
on my DNS server. I've got to check that I mermastered the
4.8 pam file, but if that doesn't resolve this, can you tell
me how else to fix the problem?
thanks,
gary
--
Gary Kline kline at thought.org www.thought.org Public service Unix
More information about the freebsd-questions
mailing list