sshd STILL not using one time passwords.
listmail
listmail at Bomgardner.net
Sun Oct 24 08:18:54 PDT 2004
Thanks to all who have patiently answered my previous questions.
I've got another one.
I'm using 5.2.1. My logs show attempts to break into my system via ssh,
telnet, and ftp (I use strong passwords, thankfully, and no common user
accounts like admin, guest, and so on) and so I'm trying to tighten
security. I have run into a problem, however - I've set things up so
only two accounts can connect via ssh (telnet disabled outside the local
net) and I've started using opie. However, ssh will not recognize and
use opie. Local telnet does, as does ftpd, but not sshd. The list
archives have a thread that deals with the reverse problem (i.e. sshd
prompting for challenge response and not using passwords), but that
hasn't been any help here.
I've included sshd_config and /etc/pam.d/sshd. I've left out all
commented out lines for brevity.
From /etc/sshd_config:
-----------------------------------------
AuthorizedKeysFile .ssh/authorized_keys (Not sure how this got uncommented)
AllowGroups grp1
PasswordAuthentication no
ChallengeResponseAuthentication yes
Subsystem sftp /usr/libexec/sftp-server
...... All other items commented out
=========================================
From /etc/pam.d/sshd:
--------------------------------------------------
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
# account
account required pam_login_access.so
account required pam_unix.so
# session
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
#password required pam_unix.so no_warn try_first_pass
=======================================
If I read the handbook on SSH and the paper on PAM correctly, this
should be working.
Anyone have any idea why it might not be? What have I managed to screw
up this time?
thanx
Gene