This one time, at band camp, Nathan Dragun said: > While setting up PAM in conjunction with SSH I included the following > line to deny access unless found in the following file: > > auth required pam_listfile.so sense=allow onerr=fail item=user > file=/etc/sshloginusers > > Which works, sort of. > ...Lets say for examples sake the user "bob" is trying to get in, but is > not listed in this file. Ie: not authorized. If I try to connect via > the windows program PuTTY, the first attempt fails, naturally, but if I > re-type the password when prompted it will let me in!!! Not good. I > tested this several different ways and found that if I try and go from > linux box to linux box after about 4 attempts it will let me in. > > SSH package version: OpenSSH_3.8.1p1 Debian-8.sarge.4 > in conjunction with: OpenSSL 0.9.7e 25 Oct 2004 > > Now I was doing some research into this, figuring I configured something > wrong or what not early on when I first noticed this authentication > problem existed and noticed that there have been some huge changes from > the 3.8.1p1 release back in October 2004 (Ironically if I read that > right 4.0 was just released today). Changelog: > ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog > > But, why on earth is this package so out of date?? Insight into this > would be greatly appreciated. What you are experiencing sounds like a configuration problem to me. You presumably have multiple auth mechanisms listed besides UsePam, and eventually one succeeds, although the PAM one failed. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
pgp7CmsqvRdjQ.pgp
Description: PGP signature