Date: Wed, 10 Mar 2004 13:50:46 -0800 From: Rishi Chopra <rchopra@cal.berkeley.edu> To: Matthew Seaman <m.seaman@infracaninophile.co.uk> Cc: questions@freebsd.org Subject: Re: FreeBSD, SSH and "Enter Authentication Response" Message-ID: <404F8DB6.8010608@cal.berkeley.edu> In-Reply-To: <20040113215551.GA69353@happy-idiot-talk.infracaninophile.co.uk> References: <4003126E.5030107@cal.berkeley.edu> <20040113115550.GB23956@happy-idiot-talk.infracaninophile.co.uk> <20040113122853.GD57681@ei.bzerk.org> <40046367.3050305@cal.berkeley.edu> <20040113215551.GA69353@happy-idiot-talk.infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
To quote Ringo Starr ala The Simpsons, "Please forgive the lateness of my reply". Matthew: Your suggestion worked beautifully. Changing /etc/ssh/sshd_config solved my "confirmation login" problem quite nicely. Just to confirm, I am running the version of SSH that comes standard with FreeBSD 5.1-RELEASE. -- Rishi Chopra http://www.ocf.berkeley.edu/~rchopra Matthew Seaman wrote: > On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra wrote: > >>I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh - >>I'm running a default minimal installation of FreeBSD 5.2: > > > >>etc/ssh/ssh_config: > > > Um... /etc/ssh/sshd_config is more to the point -- ssh_config is for > the client side, ssh*d*_config is for the server side. > > However if you've just installed the system then chances are the > sshd_config is unmodified from the default settings. > > Try turning off the challenge-response stuff as I suggested in my > earlier e-mail. ie. make it so that sshd_config contains: > > ChallengeResponseAuthentication no > > >>/etc/pam.d/ssh > > > That looks fine. > > Hmmm... This does look like a peculiar interaction of your particular > SSH client software and the OpenSSH server code on FreeBSD. > > Normally I'd suggest running the client side connection with debugging > turned up high, eg: > > % ssh -v -v -v host.example.com > > but I don't know what the equivalent of that is for the client > software you're using. > > A very good diagnostic test though is to run the server side with the > debugging turned up. A good trick is to run it on an alternative port > so you can run it in parallel with your regular sshd. eg: > > # sshd -d -d -d -p 24 > > You can then connect to the alternate port by: > > % ssh host.example.com:24 > > This will produce quite a lot of output, and exit after the ssh > session. By comparing this output to the equivalent output from a > machine where you don't have the problem you should be able to tell > what the FreeBSD box is doing differently, and maybe work out how to > fix it. Be aware that the full debug output from sshd should not be > published as it can contain privileged information. > > Cheers, > > Matthew >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?404F8DB6.8010608>