
Bug#429619: openssh-server: password based authentication not working following upgrade



On Thu, Jun 21, 2007 at 06:06:24PM -0700, Petr Vandrovec wrote:
>   it is still not quite right.  To work around 4.6p1-1 bug I enabled 
> 'PasswordAuthentication yes' in sshd config file, and it worked great. 
> But for 4.6p1-2 I'm prompted for password, and then the thing crashes (Works 
> fine with key based authentication):
> 
> petr-dev3:/var/log# ssh localhost -l petr
> Password:
> Read from remote host localhost: Connection reset by peer
> Connection to localhost closed.
> petr-dev3:/var/log# tail auth.log
> Jun 21 17:50:28 petr-dev3 sshd[5445]: fatal: PAM: pam_setcred(): 
> Permission denied
> Jun 21 17:50:41 petr-dev3 login[5411]: (pam_unix) session opened for 
> user root by (uid=0)
> Jun 21 17:50:41 petr-dev3 login[5448]: ROOT LOGIN  on 'tty1'
> Jun 21 17:56:21 petr-dev3 login[5412]: (pam_unix) session opened for 
> user root by (uid=0)
> Jun 21 17:56:21 petr-dev3 login[5490]: ROOT LOGIN  on 'tty2'
> Jun 21 17:56:56 petr-dev3 sshd[5496]: (pam_unix) authentication failure; 
> logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost.localdomain  user=petr
> Jun 21 17:57:00 petr-dev3 sshd[5496]: Accepted keyboard-interactive/pam 
> for petr from 127.0.0.1 port 53393 ssh2
> Jun 21 17:57:00 petr-dev3 sshd[5499]: (pam_unix) session opened for user 
> petr by (uid=0)
> Jun 21 17:57:00 petr-dev3 sshd[5499]: fatal: PAM: pam_setcred(): 
> Permission denied
> Jun 21 17:57:00 petr-dev3 sshd[5499]: (pam_unix) session closed for user 
> petr
> petr-dev3:/var/log#

This looks like an entirely separate bug. Could you please check
/var/log/auth.log on the server to see if there's anything logged there,
and if not, file this separately?

> After I put 'PasswordAuthentication no' back into sshd config file, 
> things look better... (though I do not understand how PAM can work 
> without PasswordAuthentication, as server definitely needs my cleartext 
> password to be able to send it to PAM...)

Look up ChallengeResponseAuthentication.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]
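
The question quoted above (how PAM can receive a password when PasswordAuthentication is off) comes down to which sshd methods carry a typed password. The following is an added example, not part of the original message: it reads an sshd_config and lists those methods. It assumes upstream OpenSSH defaults and ignores Match blocks; the function names and the sample config are constructed, since the thread does not show the reporter's full sshd_config.

```python
import re

# Upstream OpenSSH defaults (assumption: not altered by a distribution patch).
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "usepam": "no",
}

def effective(config_text):
    """Global values of the three keywords; sshd keeps the first value it sees."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are out of scope here
            break
        if key in DEFAULTS and len(parts) == 2 and key not in seen:
            seen[key] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **seen}

def password_paths(config_text):
    """SSH methods through which a typed password can reach the server."""
    cfg = effective(config_text)
    paths = []
    if cfg["passwordauthentication"] == "yes":
        # The "password" method: the client sends the password in one message.
        paths.append("password")
    if cfg["challengeresponseauthentication"] == "yes" and cfg["usepam"] == "yes":
        # keyboard-interactive: sshd relays PAM's prompts ("Password:") and
        # passes the typed answers back to the PAM conversation.
        paths.append("keyboard-interactive/pam")
    return paths

# Constructed sample: PasswordAuthentication off, as in the reporter's final
# state; the other two lines are assumed, not taken from the thread.
SAMPLE = """\
# constructed sshd_config fragment
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
"""

if __name__ == "__main__":
    print(password_paths(SAMPLE))
```

With the sample, the only remaining path is the one the quoted auth.log names in "Accepted keyboard-interactive/pam". Disabling password logins on a PAM-enabled server therefore means turning off both keywords.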


