Bug#429619: openssh-server: password based authentication not working following upgrade

Fri, 22 Jun 2007 02:40:47 -0700 

On Thu, Jun 21, 2007 at 06:06:24PM -0700, Petr Vandrovec wrote:
>   it is still not quite right.  To work around 4.6p1-1 bug I enabled 
> 'PasswordAuthenticaion yes' in sshd config file, and it worked great. 
> But for 4.6p1-2 I'm prompted for password, and then thing crashes (Works 
> fine with key based authentication):
> 
> petr-dev3:/var/log# ssh localhost -l petr
> Password:
> Read from remote host localhost: Connection reset by peer
> Connection to localhost closed.
> petr-dev3:/var/log# tail auth.log
> Jun 21 17:50:28 petr-dev3 sshd[5445]: fatal: PAM: pam_setcred(): 
> Permission denied
> Jun 21 17:50:41 petr-dev3 login[5411]: (pam_unix) session opened for 
> user root by (uid=0)
> Jun 21 17:50:41 petr-dev3 login[5448]: ROOT LOGIN  on 'tty1'
> Jun 21 17:56:21 petr-dev3 login[5412]: (pam_unix) session opened for 
> user root by (uid=0)
> Jun 21 17:56:21 petr-dev3 login[5490]: ROOT LOGIN  on 'tty2'
> Jun 21 17:56:56 petr-dev3 sshd[5496]: (pam_unix) authentication failure; 
> logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain  user=petr
> Jun 21 17:57:00 petr-dev3 sshd[5496]: Accepted keyboard-interactive/pam 
> for petr from 127.0.0.1 port 53393 ssh2
> Jun 21 17:57:00 petr-dev3 sshd[5499]: (pam_unix) session opened for user 
> petr by (uid=0)
> Jun 21 17:57:00 petr-dev3 sshd[5499]: fatal: PAM: pam_setcred(): 
> Permission denied
> Jun 21 17:57:00 petr-dev3 sshd[5499]: (pam_unix) session closed for user 
> petr
> petr-dev3:/var/log#

This looks like an entirely separate bug. Could you please check
/var/log/auth.log on the server to see if there's anything logged there,
and if not file this separately?

> After I put 'PasswordAuthentication no' back into sshd config file, 
> things look better... (though I do not understand how PAM can work 
> without PasswordAuthentication, as server definitely needs my cleartext 
> password to be able to send it to PAM...)

Look up ChallengeResponseAuthentication.

Cheers,

-- 
Colin Watson                                       [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to