FreeBSD, SSH and "Enter Authentication Response"

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Jan 13 13:56:05 PST 2004


On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra wrote:
> I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh - 
> I'm running a default minimal installation of FreeBSD 5.2:
 
> etc/ssh/ssh_config:

Um... /etc/ssh/sshd_config is more to the point -- ssh_config is for
the client side, ssh*d*_config is for the server side.

However if you've just installed the system then chances are the
sshd_config is unmodified from the default settings.

Try turning off the challenge-response stuff as I suggested in my
earlier e-mail. ie. make it so that sshd_config contains:

    ChallengeResponseAuthentication no

> /etc/pam.d/ssh

That looks fine.

Hmmm... This does look like a peculiar interaction of your particular
SSH client software and the OpenSSH server code on FreeBSD.

Normally I'd suggest running the client side connection with debugging
turned up high, eg:

    % ssh -v -v -v host.example.com

but I don't know what the equivalent of that is for the client
software you're using.

A very good diagnostic test though is to run the server side with the
debugging turned up.  A good trick is to run it on an alternative port
so you can run it in parallel with your regular sshd. eg:

    # sshd -d -d -d -p 24

You can then connect to the alternate port by:

    % ssh host.example.com:24

This will produce quite a lot of output, and exit after the ssh
session.  By comparing this output to the equivalent output from a
machine where you don't have the problem you should be able to tell
what the FreeBSD box is doing differently, and maybe work out how to
fix it.  Be aware that the full debug output from sshd should not be
published as it can contain privileged information.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040113/95d90928/attachment.bin


More information about the freebsd-questions mailing list