Strange SFTP and PAM failure

Matthew Seaman matthew at
Thu Aug 20 21:30:43 UTC 2015

On 20/08/2015 21:50, Jaime Kikpole wrote:
> When I tried to make one of these failed connections, I saw this in
> /var/log/messages:
> Aug 20 16:37:48 apps sshd[564]: error: PAM: authentication error for
> <<username>> from <<IP of PowerSchool>>
> Aug 20 16:37:48 apps sshd[564]: error: Received disconnect from <<IP
> of PowerSchool>>: 3: com.jcraft.jsch.JSchException: Auth cancel
> [preauth]
> Any idea what might be causing this?

Do you know what JDK is being used?  IIRC OpenJDK-7 doesn't provide all
the up to date and still considered secure ciphers.  OpenJDK-8 might
work better for you.  So, for instance if you look at

and scroll down to the section showing browser compatibility, you'll see
Java 6 and Java 7 won't work.  Now, SSH connections do not use TLS per
se, but the principle is the same: disabling the older, less secure
ciphers can result in older clients being locked out.

There's some interesting discussion on about why
you might want to do that and how to maximize your security.  Note:
blindly following the changes given in that blog posting probably *will*
*not* help with your problem -- quite the reverse in fact.  It's
relevant here solely because of the explanations about what ciphers can
still be trusted.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 957 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list