Date: Tue, 13 Feb 2007 09:04:10 -0500 From: Bill Moran <wmoran@collaborativefusion.com> To: Olaf Greve <o.greve@axis.nl> Cc: freebsd-questions@freebsd.org Subject: Re: [SOLVED] Help please: how to enable SSH password authentication under FreeBSD 6.2? Solved - but not in an expected way Message-ID: <20070213090410.c1aa29bc.wmoran@collaborativefusion.com> In-Reply-To: <45D1BDCA.8050709@axis.nl> References: <45D07D5A.2040307@axis.nl> <8930024.post@talk.nabble.com> <45D1BDCA.8050709@axis.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to Olaf Greve <o.greve@axis.nl>: > > To cut to the chase, I 'solved' the issue, or rather, the mystery around > it at least, but the 'solution' was not quite as expected. > > I tried both suggestions given. > > Firstly: > > > It rather looks like putty is checking the server key with the older one > > (you mentioned you reinstalled the box). > > Well... Yes and no. > Yes: the box was 'reinstalled', but completely cleanly, with a newer > FreeBSD version (i.e. 6.2 vs. 5.3), and using a completely different IP > address. Given those parameters, it's better to call it a clean install. :P > > Also, PuTTY never got to the stage where it infomrmed me that a new host > was found and if I wanted to store the fingerprint. Instead, it directly > bailed out with a message like 'Host key not found' (or something like > that). > > > try to delete the know_host entry in the register database (look for the > > entry start->run->regedit then look for the "SshHostKeys" entry and delete > > the old key). > > > > This should fix your pb ;) > > I did so anyway and it didn't seem to make a difference. I kept getting > the same error. > > Then I tried the other suggestion: > > ># Change to no to disable PAM authentication > >ChallengeResponseAuthentication no > > I did that (trying setting it to 'yes' as well as 'no') and this too, > did not seem to make a difference. > > Nowwww, normally PuTTY gives me the 'host key' error some 3 times or so > before properly finding any host, so I'm used to that. On the new box, I > tried it easily 15 times in a row before posing the question yesterday. > > Today I gave it a longer pounding, and lo and behold: all of a sudden > after some 30 attempts it worked! Then, I tried switching the > ChallengeResponseAuthentication to the opposite value it was set at, > gave it again a pouding of around 20 attempts, and again 1 succeeded. I > tried reproducing my 'luck', but some 40 further attempts all yielded no > score. > > It then dawned on me that it might be simply PuTTY that is causing the > errors, and indeed, I tried Tunnelier and it works a charm (with and > without PAM), and during all atempts I made, it directly logged in > without any issues. > > Conclusion (or assumption, if you will): there seem to be some major > incompatibility issues between PuTTY and FreeBSD 6.2's bundled SSH version. I'm not seeing this. I tried this with PuTTY 0.58 on a fresh FreeBSD 6.2p1 system and had no problems. So I grabbed the latest PuTTY 0.59, and that worked fine as well. This is a brand new FreeBSD server I just started setting up yesterday, I haven't touched /etc/ssh/sshd_config at all yet. I just finished the upgrade to p1 this morning and tried it out. I haven't been following this thread, so I don't have any ideas on what your problem might be, but it's certainly not FreeBSD or puTTY's fault or I'd be seeing the same problem. Have you tried running sshd with the -d option, and puTTY with logging enabled to see exactly what's going on? Be sure you understand how -d works on the server if you don't have physical access to it. -- Bill Moran Collaborative Fusion Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070213090410.c1aa29bc.wmoran>