Does PAM work at all with ssh 3.4?

To: debian-ssh@lists.debian.org
Subject: Does PAM work at all with ssh 3.4?
From: Jason Lunz <lunz@falooley.org>
Date: Wed, 10 Jul 2002 17:42:47 +0000 (UTC)
Message-id: <[🔎] slrnaiosi5.5e3.lunz@stoli.localnet>

I'm playing around with the ssh 1:3.4p1-1 package, and I can't get it to
authenticate via pam with any pam configuration at all.

Here's the relevant part of my sshd_config:

	Protocol 2
	UsePrivilegeSeparation yes
	PubkeyAuthentication no
	PasswordAuthentication no
	PAMAuthenticationViaKbdInt yes

I want pam, and only pam, to be used for authentication, but it doesn't
seem like pam works at all. Even with a trivial PAM configuration, no
logins are possible. Here's my /etc/pam.d/ssh:

	auth       required     pam_permit.so
	account    required     pam_permit.so
	session    required     pam_permit.so
	password   required     pam_permit.so

Even with this pam config, PAMAuthenticationViaKbdInt doesn't work:

	$ ssh  -v -v -v localhost
	OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
	[snip]
	debug1: authentications that can continue: keyboard-interactive
	debug3: start over, passed a different list keyboard-interactive
	debug3: preferred publickey,keyboard-interactive,password
	debug3: authmethod_lookup keyboard-interactive
	debug3: remaining preferred: password
	debug3: authmethod_is_enabled keyboard-interactive
	debug1: next auth method to try is keyboard-interactive
	debug2: userauth_kbdint
	debug2: we sent a keyboard-interactive packet, wait for reply
	debug1: authentications that can continue: keyboard-interactive
	debug3: userauth_kbdint: disable: no info_req_seen
	debug2: we did not send a packet, disable method
	debug1: no more auth methods to try
	Permission denied (keyboard-interactive).
	debug1: Calling cleanup 0x8063a9c(0x0)

The server in debug mode shows:

	$ sshd -d -d -d
	debug1: sshd version OpenSSH_3.4p1 Debian 1:3.4p1-1
	[snip]
	debug1: KEX done
	debug1: userauth-request for user lunz service ssh-connection method none
	debug1: attempt 0 failures 0
	debug3: mm_getpwnamallow entering
	debug3: mm_request_send entering: type 6
	debug3: monitor_read: checking request 6
	debug3: mm_answer_pwnamallow
	debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
	debug3: mm_request_send entering: type 7
	debug2: monitor_read: 6 used once, disabling now
	debug3: mm_request_receive entering
	debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
	debug3: mm_request_receive_expect entering: type 7
	debug3: mm_request_receive entering
	debug2: input_userauth_request: setting up authctxt for lunz
	debug3: mm_start_pam entering
	debug3: mm_request_send entering: type 37
	debug3: monitor_read: checking request 37
	debug1: Starting up PAM with username "lunz"
	debug3: Trying to reverse map address 127.0.0.1.
	debug1: PAM setting rhost to "localhost"
	debug2: monitor_read: 37 used once, disabling now
	debug3: mm_request_receive entering
	debug3: mm_inform_authserv entering
	debug3: mm_request_send entering: type 3
	debug3: monitor_read: checking request 3
	debug3: mm_answer_authserv: service=ssh-connection, style=
	debug2: monitor_read: 3 used once, disabling now
	debug3: mm_request_receive entering
	debug2: input_userauth_request: try method none
	debug3: mm_auth_password entering
	debug3: mm_request_send entering: type 10
	debug3: monitor_read: checking request 10
	debug3: mm_answer_authpassword: sending result 0
	debug3: mm_request_send entering: type 11
	Failed none for lunz from 127.0.0.1 port 38116 ssh2
	debug3: mm_request_receive entering
	debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
	debug3: mm_request_receive_expect entering: type 11
	debug3: mm_request_receive entering
	debug3: mm_auth_password: user not authenticated
	Failed none for lunz from 127.0.0.1 port 38116 ssh2
	debug1: userauth-request for user lunz service ssh-connection method keyboard-interactive
	debug1: attempt 1 failures 1
	debug2: input_userauth_request: try method keyboard-interactive
	debug1: keyboard-interactive devs 
	debug1: auth2_challenge: user=lunz devs=
	debug1: kbdint_alloc: devices ''
	debug2: auth2_challenge_start: devices 
	Failed keyboard-interactive for lunz from 127.0.0.1 port 38116 ssh2
	Connection closed by 127.0.0.1
	debug1: Calling cleanup 0x806be4c(0x0)
	debug1: Calling cleanup 0x8052b48(0x0)
	debug1: Calling cleanup 0x806be4c(0x0)

Does anyone know if pam has worked at all since the privilege separation
changes? If so, what am I doing wrong?

thanks,

Jason



-- 
To UNSUBSCRIBE, email to debian-ssh-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Does PAM work at all with ssh 3.4?
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: postinst problems updating ssh in debian 2.2r6
Next by Date: Re: Does PAM work at all with ssh 3.4?
Previous by thread: Re: postinst problems updating ssh in debian 2.2r6 - my error.
Next by thread: Re: Does PAM work at all with ssh 3.4?
Index(es):
- Date
- Thread