From owner-freebsd-questions@freebsd.org Sun Sep 6 22:57:08 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B9C19C82DE for ; Sun, 6 Sep 2015 22:57:08 +0000 (UTC) (envelope-from jkikpole@cairodurham.org) Received: from mail-io0-f182.google.com (mail-io0-f182.google.com [209.85.223.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 10A2A151 for ; Sun, 6 Sep 2015 22:57:07 +0000 (UTC) (envelope-from jkikpole@cairodurham.org) Received: by ioiz6 with SMTP id z6so72221529ioi.2 for ; Sun, 06 Sep 2015 15:56:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=maVWLb8s06HQ6L/efcpdG4tCEZcGqq6/i5G3NSl5S0w=; b=VNjjIpOVfiCucNEaWxe+lro1nGlA7m1IAIBmmJudgRene1dnx8FCDKm42K/lLNEnYv 0bFJwKagkAlpJq9+Ba4VIJwVpK9fgr/F0CgyJk8KlETKmuIewCqUYT9NdcKisopBTivD Z4HeH9NRMICWIQSu4isHVoDsSFNnSGnssTC5G6bbPLcqg1mPGx0BVkA7mo+O6o8NWwZe 53Oig89pz0a0pyQv9Cc/EoPjsg2tBDmvGvss9c39+R+yGLgT3B8IsY4cPRfBKdREXr7q BqUrafNtmar8khnMbSYr7blY119tQIDYnUJ2euleVRliS8RLkNbb6Jhze4sY0qyNhR66 UqWg== X-Gm-Message-State: ALoCoQnng5S/uhWFcuP9NNwbRooP7sS3l5LFE3SvfnuXUlp2MneZcygpFExYh83SeS0+2lnUeEkkp4eiphSucHULrom1gb8Jzlcyfp8cuc/Xt+QNYAN7xVeSX/mHkrfL/W5crP7Zu3Um X-Received: by 10.107.6.73 with SMTP id 70mr10771566iog.158.1441580219772; Sun, 06 Sep 2015 15:56:59 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.59.205 with HTTP; Sun, 6 Sep 2015 15:56:40 -0700 (PDT) In-Reply-To: <55DC0D95.80202@FreeBSD.org> References: <55D6466F.9070200@FreeBSD.org> <55DC0D95.80202@FreeBSD.org> From: Jaime Kikpole Date: Sun, 6 Sep 2015 18:56:40 -0400 Message-ID: Subject: Re: Strange SFTP and PAM failure To: Matthew Seaman Cc: "freebsd-questions@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Sep 2015 22:57:08 -0000 I think I have an answer, but I don't know if it is a good idea or not. When I asked, they eventually told me they're using Java 1.8 Update 51. After weeks of wasted time, they escalated it to engineering. (And I do mean "wasted." It took three days for them to "pull the logs" (their words) so that someone could review them. Not 3 days to review them. Just to "pull the logs.") Meanwhile, I've been tinkering and trying until I found that changing "PasswordAuthentication" in /etc/sshd_config from the default of "no" to "yes" will allow the PowerSchool system to make an SFTP connection and successfully push the text file over the link. So my question now becomes: Is this a good idea? The man page seems to say that I should set ChallengeResponseAuthentication to "no" if PasswordAuthentication is set to "yes". Should I make that change? Should I just disable PAM within sshd? I also freely admit that I don't have a deep understanding of PAM and usually leave it on the default settings. Perhaps I just have a silly setting in PAM. Any advice would be appreciated. Thanks in advance! -- Jaime Kikpole Network Administrator Cairo-Durham Central School District Technical Support: help@cairodurham.org go.cairodurham.org/techtips -- This electronic message and any attachment(s) may contain confidential or legally privileged information protected by law from further disclosure and is intended only for the individual or entity identified above as the addressee. If you are not the addressee (or the employee or agency responsible to deliver it to the addressee), or if this message has been addressed to you in error, you are hereby notified that you may not copy, forward, disclose or use any part of this message or any attachment(s). Please notify the sender immediately by return email or telephone and permanently delete this message and attachment(s) from your system.