FreeBSD, SSH and "Enter Authentication Response"

Rishi Chopra rchopra at cal.berkeley.edu
Wed Mar 10 13:53:29 PST 2004 

To quote Ringo Starr ala The Simpsons, "Please forgive the lateness of 
my reply".

Matthew: Your suggestion worked beautifully.  Changing 
/etc/ssh/sshd_config solved my "confirmation login" problem quite 
nicely.  Just to confirm, I am running the version of SSH that comes 
standard with FreeBSD 5.1-RELEASE.

--
Rishi Chopra
http://www.ocf.berkeley.edu/~rchopra


Matthew Seaman wrote:
> On Tue, Jan 13, 2004 at 01:30:15PM -0800, Rishi Chopra wrote:
> 
>>I've included copies of my /etc/ssh/ssh_config file and /etc/pam.d/ssh - 
>>I'm running a default minimal installation of FreeBSD 5.2:
> 
>  
> 
>>etc/ssh/ssh_config:
> 
> 
> Um... /etc/ssh/sshd_config is more to the point -- ssh_config is for
> the client side, ssh*d*_config is for the server side.
> 
> However if you've just installed the system then chances are the
> sshd_config is unmodified from the default settings.
> 
> Try turning off the challenge-response stuff as I suggested in my
> earlier e-mail. ie. make it so that sshd_config contains:
> 
>     ChallengeResponseAuthentication no
> 
> 
>>/etc/pam.d/ssh
> 
> 
> That looks fine.
> 
> Hmmm... This does look like a peculiar interaction of your particular
> SSH client software and the OpenSSH server code on FreeBSD.
> 
> Normally I'd suggest running the client side connection with debugging
> turned up high, eg:
> 
>     % ssh -v -v -v host.example.com
> 
> but I don't know what the equivalent of that is for the client
> software you're using.
> 
> A very good diagnostic test though is to run the server side with the
> debugging turned up.  A good trick is to run it on an alternative port
> so you can run it in parallel with your regular sshd. eg:
> 
>     # sshd -d -d -d -p 24
> 
> You can then connect to the alternate port by:
> 
>     % ssh host.example.com:24
> 
> This will produce quite a lot of output, and exit after the ssh
> session.  By comparing this output to the equivalent output from a
> machine where you don't have the problem you should be able to tell
> what the FreeBSD box is doing differently, and maybe work out how to
> fix it.  Be aware that the full debug output from sshd should not be
> published as it can contain privileged information.
> 
> 	Cheers,
> 
> 	Matthew
>

More information about the freebsd-questions mailing list