From owner-freebsd-questions Sat Dec 28 2:58:10 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8900037B401 for ; Sat, 28 Dec 2002 02:58:08 -0800 (PST) Received: from east.ath.cx (catv-50622a7a.nyircatv.broadband.hu [80.98.42.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8BD1843EC5 for ; Sat, 28 Dec 2002 02:58:02 -0800 (PST) (envelope-from witch@kronos.HomeUnix.com) X-Complaints-To: abuse@kronos.homeunix.com X-SMTP-Authenticated: CRAM-MD5 X-message-flag: Ditch the crappy mail client and get a real one! Received: from slave.east.ath.cx (o1khuwkj69w621xr@slave.kronos.homeunix.com [10.1.1.1]) (authenticated bits=0) by east.ath.cx (8.12.6/8.12.6) with ESMTP id gBSAvnuf053033 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=OK) for ; Sat, 28 Dec 2002 11:57:50 +0100 (CET) (envelope-from witch@slave.east.ath.cx) Received: from slave.east.ath.cx (localhost [127.0.0.1]) by slave.east.ath.cx (8.12.6/8.12.6) with ESMTP id gBSAvnQo023630 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Sat, 28 Dec 2002 11:57:49 +0100 (CET) (envelope-from witch@slave.east.ath.cx) Received: (from witch@localhost) by slave.east.ath.cx (8.12.6/8.12.6/Submit) id gBSAvi3Z023575; Sat, 28 Dec 2002 11:57:44 +0100 (CET) Date: Sat, 28 Dec 2002 11:57:44 +0100 (CET) From: Andrew Prewett Reply-To: Andrew Prewett To: freebsd-questions@FreeBSD.ORG Subject: RE: sshd and passwordauthentication In-Reply-To: <000201c2adcd$76a76ce0$952b6e94@lucifer> Message-ID: <20021228114240.N18941@slave.east.ath.cx> References: <000201c2adcd$76a76ce0$952b6e94@lucifer> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Dec 27 Didier Wiroth wrote: > I'm using a windows client, putty where I didn't find that kind of option, > here is the output of "ssh -v" from linux test machine: > > OpenSSH_2.9.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090601f > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug1: Seeding random number generator > debug1: Rhosts Authentication disabled, originating port will not be > trusted. > debug1: restore_uid > debug1: ssh_connect: getuid 500 geteuid 500 anon 1 > debug1: Connecting to sshd.somewhere.com [sshd.somewhere.com] port 22. > debug1: temporarily_use_uid: 500/100 (e=500) > debug1: restore_uid > debug1: temporarily_use_uid: 500/100 (e=500) > debug1: restore_uid > debug1: Connection established. > debug1: identity file /home/user_test/.ssh/identity type -1 > debug1: identity file /home/user_test/.ssh/id_rsa type -1 > debug1: identity file /home/user_test/.ssh/id_dsa type -1 id_rsa and/or id_dsa exists? > debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 > FreeBSD-20020702 > debug1: match: OpenSSH_3.4p1 FreeBSD-20020702 pat ^OpenSSH > debug1: Local version string SSH-1.5-OpenSSH_2.9.9p2 > debug1: Waiting for server public key. > debug1: Received server public key (768 bits) and host key (1024 bits). > debug1: Host 'sshd.somewhere.com' is known and matches the RSA1 host key. > debug1: Found key in /home/user_test/.ssh/known_hosts:2 > debug1: Encryption type: 3des > debug1: Sent encrypted session key. > debug1: Installing crc compensation attack detector. > debug1: Received encrypted confirmation. > debug1: Doing challenge reponse authentication. > Password: > Response: > > Does that help? > [...] > > On Fri, Dec 27, 2002 at 04:02:52PM +0100, Didier Wiroth wrote: > > > These are the only activated options: > > > Protocol 2,1 > > > ListenAddress x.y.z.x > > > LoginGraceTime 40 > > > PermitRootLogin no > > > PasswordAuthentication no > > > PermitEmptyPasswords no > > > Subsystem sftp /usr/libexec/sftp-server Few options to experiment: RhostsRSAAuthentication yes HostbasedAuthentication yes IgnoreUserKnownHosts no UseLogin no -andrew > > > > > > All other options are commented with a '#'! > > > Any clues? > > > There is no warning in /var/log/messages! > > > > Hmmm... This looks OK to me. What output do you get if you log in to > > the box using `ssh -v my.host'? It should print details of protocol > > negotiation, authentication steps, etc. > > > > Dan > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message