openssh-2.1.1p2 problem and fix

Damien Miller djm at
Sun Jul 2 08:48:12 EST 2000

On Sat, 1 Jul 2000, Darren Evans wrote:

> Hi all,
> trawled through the archives and did'nt find what I was looking for
> so here goes.
> This may be common knowledge or may not for the developers here ...
> maybe it will save someone some time anyhow.
> I'm running Redhat 6.2, **2.4.0-test1 kernel**,
> openssh-2.1.1p2.tar.gz, openssl-0.9.5a.tar.gz, with these options.
> sh configure --with-tcp-wrappers --with-md5-passwords
> --with-ipv4-default --with-pam

Can you send the output of a configure run? 

> ident /usr/local/sbin/sshd | grep -i pam
> Does not find pam.

I suspect that some brokenness in the new kernel headers is breaking
the test for PAM. You might want to trawl through config.log for
more detailed error messages.

> The error I receive is a,
> Permission denied, please try again even though my password **IS**
> correct.

As a temporary workaround you might want to set --with-md5-passwords

> When I do this, and strace sshd -d I get this from strace
> ssh -v -l darren horseplay
> read(3, "root:$1$1xxxxxxxxxxxxxxxxxxxxxxx"..., 4096) = 757

> I may be wrong, but it does say read(4, "root: ...." so is it not
> reading my username in the shadow file.

If you username is in the first 4096 bytes of the password file
it is getting it OK.

> I've also had odd problems with openssh-2.1.1p1.tar.gz on FreeBSD
> 3.5-STABLE, maybe i'll go into that one another day as my memory is
> hazy at the moment.

The FreeBSD developers maintain their own port of OpenSSH - I have
no idea whether it is based on our work or not.

Damien Miller

| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller -
| Email: djm at (home) -or- djm at (work)

More information about the openssh-unix-dev mailing list