From owner-freebsd-questions Wed Jun 28 0:41: 2 2000 Delivered-To: freebsd-questions@freebsd.org Received: from smtp.nwlink.com (smtp.nwlink.com [209.20.130.57]) by hub.freebsd.org (Postfix) with ESMTP id 01E6A37BEAC for ; Wed, 28 Jun 2000 00:40:58 -0700 (PDT) (envelope-from cac@fuzzer.com) Received: from craigc (ip133.gte8.rb1.bel.nwlink.com [209.20.237.133]) by smtp.nwlink.com (8.9.3/8.9.3) with SMTP id AAA14819; Wed, 28 Jun 2000 00:40:55 -0700 (PDT) Message-ID: <05f101bfe0d5$c5acb830$0201010a@craigc> From: "Craig Critchley" To: "Jon" , References: <39593C7C.9B06B019@state.net> Subject: Re: OpenSSH 3.4-R: Can't log in from remote ssh client Date: Wed, 28 Jun 2000 00:52:13 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG From: "Jon" > I've d/l'd openssh-2.1.1p1 from ftp.openbsd.org today, and was trying to > install it on the system described above. I need ssh2 compatibility, ... > from a remote client that is running all the same versions of programs > above (on a Solaris 7.7 box), I get a login prompt, but if I try logging > in using my user account or root, I get denied... > > root@jenny's password: > Permission denied, please try again. > > If I ssh from the FreeBSD box to the Solaris box, everything works. It > seems that the FreeBSD box isn't processing the password or the login > correctly. Can anyone offer me some advise or help on this? > I had the same problem installing openssh on a 3.2-release machine. First, look at /var/log/messages to see if sshd is complaining about anything. One thing to check is that openssh on freebsd defaults to using pam ("pluggable authentication modules") so you need to make sure you add the sshd entries in pam.conf (or /etc/pam.d/sshd depending on how you want to organize things). This is in openssh's INSTALL file so you may have already done that, however, INSTALL doesn't mention there's a sample file in contrib/sshd.pam.freebsd (in the openssh sources). Or, you can build openssh without pam support with a configure switch, --without-pam. In my case, I also had a problem with the required PAM module, pam_unix.so, because the crypt() function was undefined. I tried rebuilding without pam, but got a link error on crypt(). I then added -lcrypt (to get libcrypt.a linked into sshd) to the makefile, still building --without-pam. This seems to have fixed the problem; at least, sshd is working and I can log in remotely. I am not a freebsd development expert, and definitely not an openssh/openssl expert, and i suspect what i did was wrong (it certainly seems like a hack). if what I described rings any bells with any experts, I'd like to know what I should have really done. at the very least, I'd like to know that I haven't just opened a gaping hole on the machine... As for installing from the ports collection, I'm afraid I broke the ports tree on this machine and have been too lazy to fix it, especially as the fix is probably to just upgrade to the latest rev... so far openssh is the only software I've had any trouble with installing manually... ...Craig To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message