Problem with OpenSSH =>3.7p1 on Linux \w Linux-PAM 0.77

Pauli Borodulin pauli.borodulin at
Mon Oct 6 07:32:24 EST 2003

> Pauli Borodulin wrote:
>> Hmm, I'm pretty sure I tried that already. Lemme see -- yes, didn't
>> help. 3.6.1p2 seems to require PasswordAuthentication to be
>> enabled, otherwise I'm not able to log in (even using PAM).

Darren Tucker wrote:
> I assume that version was a typo since your original message had 
> "=>3.7p1"?

Nope. 3.6.1p2 is working ok. I just tried what happens if I try
disabling PasswordAuthentication in it. Didn't do any good, as I told, I
wasn't able to log in anymore after disabling it. :-)

Okay, after checking PuTTY's default settings I found out that (for some
odd reason) the version I was using had default setting of trying to
prefer SSH1 over SSH2, so all connections were done in SSH1.

I chose SSH2 as preferred protocol version and tested it with 3.6.1p2
and it seems to work ok but not with =>3.7p1. I made some logs of sshd
-d and put them on the web.

OpenSSH 3.6.1p2:

OpenSSH 3.7p1 (disconnected right after I had given my account):

OpenSSH 3.7.1p2: (disconnected right after I had given my account):

I used settings you gave for 3.7p1 and 3.7.1p2:

> UsePAM yes
 > PasswordAuthentication no
 > ChallengeResponseAuthentication yes

I found something interesting, but couldn't understand what's really
happening. Seems that 3.6.1p2 outputs:

debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for foobar from x.y.z.z port 1838 ssh2
debug1: userauth-request for user foobar service ssh-connection method
debug1: attempt 2 failures 2
debug1: PAM password authentication accepted for foobar
Accepted password for foobar from x.y.z.z port 1838 ssh2

but =>3.7p1 outputs:

debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
PAM: Authentication failure
Failed keyboard-interactive for foobar from x.y.z.z port 1855 ssh2
Received disconnect from x.y.z.z: 11: No supported authentication
methods available

I tried also OpenSSH's client, and it fails just like PuTTY so it has to
be something on the server-side.

Pauli Borodulin <pauli.borodulin at>

More information about the openssh-unix-dev mailing list