sshd + pam_pgsql

[Sajó Zsolt Attila]

Hi!

I would like use the sshd with pam_pgsql module. But it isn't work, and I can't configure the pam debug too. So my two question:
How can I use the pam debug?
How do I use the sshd with pam-pgsql?

OS: FreeBSD 7.2

My /etc/pamd./sshd:
auth		required	pam_unix.so		no_warn try_first_pass
auth		sufficient	pam_pgsql.so config_file=/etc/ssh/ssh-pam_pgsql.conf
account		required	pam_unix.so
account 	requisite	pam_pgsql.so config_file=/etc/ssh/ssh-pam_pgsql.conf
password	required	pam_unix.so		no_warn try_first_pass
password	sufficient	pam_pgsql.so config_file=/etc/ssh/ssh-pam_pgsql.conf
session 	sufficient	pam_pgsql.so config_file=/etc/ssh/ssh-pam_pgsql.conf


My /etc/ssh/ssh-pam_pgsql.conf:
debug
pw_type = md5
connect = dbname=sshuser user=attila password=xxxxx
auth_query = select password from felhasznalok where user_name = %u
acct_query = select password from felhasznalok where user_name = %u
pwd_query = update account set password = %p where user_name = %u


psql -U attila -c "SELECT * FROM felhasznalok" sshuser":<code>
user_name | password | uid  | gid  | login_class | password_change_time | account_expiry_time | user_full_name | home_directory  | user_shell 
-----------+----------+------+------+-------------+----------------------+---------------------+----------------+-----------------+------------
 sftpuser2 | sara     | 2001 | 2001 | hungarian   |                      |                     | sftp user      | /home/.sftpuser | /bin/sh</code>


My /etc/ssh/sshd_conf:
[..]
UsePAM yes
PasswordAuthentication yes
PermitEmptyPasswords yes
PermitRootLogin  without-password
[..]



ssh -v -l sshuser2 luk1814.no-ip.org:
OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to luk1814.no-ip.org [84.3.76.241] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 FreeBSD-20080901
debug1: match: OpenSSH_5.1p1 FreeBSD-20080901 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'luk1814.no-ip.org' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:6
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
Received disconnect from 84.3.76.241: 2: Too many authentication failures for sftpuser3