Hi,
I recently installed a setup with yunohost 3.8.4.9
Which is based on OpenSSH_7.4p1 Debian-10+deb9u7, OpenSSL 1.0.2u
I have those :
Jun 21 09:09:38 dev sshd[20884]: Connection from 192.168.4.22 port 64151 on 192.168.80.50 port 22 Jun 21 09:09:38 dev sshd[20884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.4.22 user=admin Jun 21 09:09:38 dev sshd[20884]: Accepted password for admin from 192.168.4.22 port 64151 ssh2 Jun 21 09:09:38 dev sshd[20884]: pam_unix(sshd:session): session opened for user admin by (uid=0) Jun 21 09:09:38 dev systemd-logind[698]: New session 618 of user admin. Jun 21 09:09:38 dev systemd: pam_unix(systemd-user:session): session opened for user admin by (uid=0) Jun 21 09:09:39 dev sshd[20884]: User child is on pid 20903 Jun 21 09:09:39 dev sshd[20903]: Starting session: shell on pts/0 for admin from 192.168.4.22 port 64151 id 0
I have found your old bug report from 2003 #193546
Which described exactly the same thing.
The configuration is password permitted
This results only occurred with third party ssh clients like termius, terminus, putty but also with ssh from windows.
Termius this is true for all platform whether it’s iOS or desktop.
For what I know of the source code of those, they are not trying other keys before if you didn’t specify any in the configuration interfaces. There are no external files that would be hiding somewhere with keys either. If you specified a password, it will only be password.
I didn’t try with a key based auth.
Is it the same problem as described in the bug report about the interaction with Pam ?
Thanks in advance for all your answers