FreeBSD, SSH and "Enter Authentication Response"
Ruben de Groot
mail25 at bzerk.org
Tue Jan 13 13:55:20 PST 2004
On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra typed:
> I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh -
> I'm running a default minimal installation of FreeBSD 5.2:
>
> etc/ssh/ssh_config:
>
> # Host *
> # ForwardAgent no
> # ForwardX11 no
> # RhostsAuthentication no
> # RhostsRSAAuthentication no
> # RSAAuthentication yes
> # PasswordAuthentication yes
> # HostbasedAuthentication no
As Matthew suggested, you can put the line
ChallengeResponseAuthentication no
in here. Then restart sshd
good luck,
Ruben
> # BatchMode no
> # CheckHostIP no
> # StrictHostKeyChecking ask
> # IdentityFile ~/.ssh/identity
> # IdentityFile ~/.ssh/id_rsa
> # IdentityFile ~/.ssh/id_dsa
> # Port 22
> # Protocol 2,1
> # Cipher 3des
> # Ciphers
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> # EscapeChar ~
> # VersionAddendum FreeBSD-20030423
>
>
> /etc/pam.d/ssh
>
> #
> # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
> #
> # PAM configuration for the "sshd" service
> #
>
> # auth
> auth required pam_nologin.so no_warn
> auth sufficient pam_opie.so no_warn
> no_fake_prompts
> auth requisite pam_opieaccess.so no_warn allow_local
> #auth sufficient pam_krb5.so no_warn
> try_first_pass
> #auth sufficient pam_ssh.so no_warn
> try_first_pass
> auth required pam_unix.so no_warn
> try_first_pass
>
> # account
> #account required pam_krb5.so
> account required pam_login_access.so
> account required pam_unix.so
>
> # session
> #session optional pam_ssh.so
> session required pam_permit.so
>
> # password
> #password sufficient pam_krb5.so no_warn
> try_first_pass
> password required pam_unix.so no_warn
> try_first_pass
>
>
> Any ideas what I should change?
>
> -Rishi
>
> Ruben de Groot wrote:
>
> >On Tue, Jan 13, 2004 at 11:55:50AM +0000, Matthew Seaman typed:
> >
> >
> >>On Mon, Jan 12, 2004 at 01:32:30PM -0800, Rishi Chopra wrote:
> >>
> >>
> >>>I have a nitpicky question about logging into a FreeBSD machine and
> >>>SSH. I'm using a minimal FreeBSD install and SSH Secure Shell client
> >>>v3.2.0 - the crux of the problem is I am unable to "smoothly" login.
> >>>
> >>>
> >>Which FreeBSD version? And are you running the OpenSSH server
> >>supplied with the system or one from ports?
> >>
> >>
> >
> >Judging by name and version number, I think he's not running OpenSSH
> >at all, but the other ssh implementation from ssh.org
> >
> >
> >
> >>>When I login to my machine, I'm prompted to enter an "authentication
> >>>response". A window is displayed with "Enter Authentication Response"
> >>>in the title bar, and two buttons at the bottom ('OK' and 'Cancel') -
> >>>the text says:
> >>>
> >>> Enter your authentication response.
> >>> Password:
> >>>
> >>>
> >>Sounds like you've got the PAM based challenge-response authentication
> >>enabled in your /etc/ssh/sshd_config (which is the default), but
> >>your /etc/pam.conf (FreeBSD 4.x) or /etc/pam.d (FreeBSD 5.x) has a
> >>modified configuration.
> >>
> >>Here are a couple of things to try --
> >>
> >>Turn off Challenge-response authentication in /etc/ssh/sshd_config
> >>
> >>Change:
> >>
> >> #ChallengeResponseAuthentication yes
> >>
> >>to
> >>
> >> ChallengeResponseAuthentication no
> >>
> >>and then:
> >>
> >> # kill -HUP `cat /var/run/sshd.pid`
> >>
> >>to get it to reread the config.
> >>
> >>-- or --
> >>
> >>Double check the PAM settings: they should look like this in /etc/pam.conf
> >>
> >> # OpenSSH with PAM support requires similar modules. The session one
> >> is
> >> # a bit strange, though...
> >> sshd auth sufficient pam_skey.so
> >> sshd auth sufficient pam_opie.so
> >> no_fake_prompts
> >> #sshd auth requisite pam_opieaccess.so
> >> #sshd auth sufficient pam_kerberosIV.so
> >> try_first_pass
> >> #sshd auth sufficient pam_krb5.so
> >> try_first_pass
> >> sshd auth required pam_unix.so
> >> try_first_pass
> >> sshd account required pam_unix.so
> >> sshd password required pam_permit.so
> >> sshd session required pam_permit.so
> >>
> >>The /etc/pam.d case is similar, except you should have a file called
> >>'sshd' in that directory, whose contents are similar, but without the
> >>'sshd' entries in the first column.
> >>
> >> Cheers,
> >>
> >> Matthew
> >>
> >>
> >>--
> >>Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
> >> Savill Way
> >>PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
> >>Tel: +44 1628 476614 Bucks., SL7 1TH UK
> >>
> >>
> >
> >
> >
> >
> >
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list