Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 6 Sep 2015 18:56:40 -0400
From:      Jaime Kikpole <jkikpole@cairodurham.org>
To:        Matthew Seaman <matthew@freebsd.org>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Strange SFTP and PAM failure
Message-ID:  <CA%2Bsg5RSZDTdL2BuY9pNewZ-Kk0ZV_R-RFOrvQa6XDGveUZJtqg@mail.gmail.com>
In-Reply-To: <55DC0D95.80202@FreeBSD.org>
References:  <CA%2Bsg5RQ-yMgsbq5VA-SNDDkUaYcVJUEPAe-iqfDLR1EFuVyCTg@mail.gmail.com> <55D6466F.9070200@FreeBSD.org> <CA%2Bsg5RQK9OYVtUw9O7TJFqpFrHUX4GsWTyPE5HEm=je-KypjeA@mail.gmail.com> <55DC0D95.80202@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
I think I have an answer, but I don't know if it is a good idea or not.

When I asked, they eventually told me they're using Java 1.8 Update
51.  After weeks of wasted time, they escalated it to engineering.
(And I do mean "wasted."  It took three days for them to "pull the
logs" (their words) so that someone could review them.  Not 3 days to
review them.  Just to "pull the logs.")

Meanwhile, I've been tinkering and trying until I found that changing
"PasswordAuthentication" in /etc/sshd_config from the default of "no"
to "yes" will allow the PowerSchool system to make an SFTP connection
and successfully push the text file over the link.

So my question now becomes:  Is this a good idea?

The man page seems to say that I should set
ChallengeResponseAuthentication to "no" if PasswordAuthentication is
set to "yes".  Should I make that change?  Should I just disable PAM
within sshd?

I also freely admit that I don't have a deep understanding of PAM and
usually leave it on the default settings.  Perhaps I just have a silly
setting in PAM.

Any advice would be appreciated.  Thanks in advance!

-- 
Jaime Kikpole
Network Administrator
Cairo-Durham Central School District

Technical Support:
help@cairodurham.org
go.cairodurham.org/techtips

-- 
This electronic message and any attachment(s) may contain confidential or 
legally privileged information protected by law from further disclosure and 
is intended only for the individual or entity identified above as the 
addressee. If you are not the addressee (or the employee or agency 
responsible to deliver it to the addressee), or if this message has been 
addressed to you in error, you are hereby notified that you may not copy, 
forward, disclose or use any part of this message or any attachment(s). 
Please notify the sender immediately by return email or telephone and 
permanently delete this message and attachment(s) from your system.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bsg5RSZDTdL2BuY9pNewZ-Kk0ZV_R-RFOrvQa6XDGveUZJtqg>