Password auth problem with openssh 3.4 and Linux 2.2.20

Jim Knoble jmknoble at pobox.com
Mon Jul 1 15:16:34 EST 2002


Circa 2002-Jun-30 19:27:56 -0400 dixit Randy Tidd:

: After upgrading to openssh-3.4p1, password authentication is no longer
: working on my system.  I'm running Linux RedHat 6.2 with:
: 
: kernel 2.2.20
: openssh-3.4p1
: openssl-0.9.6
: pam-0.72-6

You should upgrade to pam-0.72-20.6.x (from RH's FTP site).

: pwdb-0.61-0
: 
: I've tried it with and without compression, with and without priv sep, and I
: always get errors like this:
: 
: Jun 30 19:07:48 sugarfreejazz sshd[1344]: Failed password for randy from
: 10.10.10.2 port 4320 ssh2

Questions:

- Did you build your openssh-3.4p1 by hand, or did you build an RPM
  package from the source RPM at
  ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/rpm/SRPMS/ ?

- Is your system configured to use MD5 passwords (via
  /usr/sbin/authconfig)?  If so, and if you built OpenSSH by hand, did
  you configure OpenSSH with support for MD5 passwords?

- Did you have 'StrictModes no' in your old sshd_config?  Do you have
  'StrictModes yes' in the new one (or is it commented out, since 'yes'
  is the default)?  Have you double-checked the permissions on your
  home directory and your ~/.ssh/ directory on the server you're trying
  to log into?

- Set up a dummy (i.e., temporary) user account on the server, making
  sure the home directory is created and has mode 0700 (drwx------).
  Are you able to successfully log in as the dummy user?

: It worked with openssh-2.9p2.[...]
: 
: I did see this comment in the ChangeLog:
: 
: http://www.rpmfind.net//linux/RPM/PLD/dists/nest/test/i386/openssh-3.4p1-2.i
: 386.html
: 
: "Revision 1.125  2002/06/26 15:42:57  misiek
:   - 3.4 (pam still not working)"

That changelog appears to be from an RPM package built by PLD (the
Polish Linux Distribution).  Is that where you got the new OpenSSH you
installed that isn't working?  I'd recommend you get it from the
ftp.openssh.com site rather than somewhere else.

: Is there a known problem with openssh 3.4 and PAM?

Not on Red Hat Linux 6.2.  It's working fine at three or four different
installations that i'm aware of at this very moment, including the
machine i'm writing this from.

: Also I tried compiling openssh without PAM by passing in the
: "--without-pam" flag to configure but that did not seem to do
: anything -- "strings /usr/local/sbin/sshd | grep pam" still reveals
: that it is compiled in.  Is there a way to disable or compile
: without PAM?

Are you certain that /usr/local/sbin/sshd is the freshly installed
sshd?  Or did it get installed somewhere else?  If you were using the
PLD RPM package, it is quite likely that sshd ended up as
/usr/sbin/sshd instead.

Unless you have unusual requirements (e.g., special patches, AFS
libraries, etc.) i would very much recommend rebuilding from the source
RPM from ftp.openssh.com as follows:

  rpm --rebuild --define='build_6x=1' openssh-3.4p1-1.src.rpm

Then you can install the resulting binary RPM packages.

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 249 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020701/9c9d4ed2/attachment.bin 


More information about the openssh-unix-dev mailing list