how to compile ssh with Pam using securid

Gamliel, Udi (NIH/CIT) GamlielU at exchange.nih.gov
Tue Sep 9 01:34:21 EST 2003


 Hello,
 I compiled openssh-3.6.1p2 like this: "./configure --with-pam", and I
 configured /etc/pam.conf as follows:
 	# PAM configuration
 	#
 	# Authentication management
 	#
 	sshd    auth required   /lib/security/pam_securid.so reserve
 	sftp    auth required   /lib/security/pam_securid.so reserve
 	#
 	login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
 	login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1

 where "/lib/security/pam_securid.so" is an RSA security lib.
 I get no errors when I compile openssh, but I do have a problem when I use
 openssh with the RSA security library.
 When I type the command "ssh machine_name.xxx.xxx.xxx" and watch the
 securid log monitor, I see the following on the securid log monitor before
 I get the prompt to enter my PASSCODE:

 "ACCESS DENIED, syntax error"

 Then I get the prompt
 "ENTER PASSCODE "
 When I enter my passcode, it allows me to get in (login successfully)
 (but when I ssh several times, because of the ACCESS DENIED message,
 securid locks me out and disables my token).


 One may think the RSA security library is the problem, BUT
 when I use the compiled packages below
 openssh-3.6.1p1-sol8-sparc-local (size 623506)
 openssl-0.9.7b-sol8-sparc-local (size 3553460)
 everything works just fine, no problem at all. But now you will ask me: why
 don't you use it?
 Well, I have to know how to compile ssh like the one I downloaded from the
 internet, so that when there is a vulnerability we can easily go to another
 version of ssh.

 I hope I gave you enough info.
 One more detail:
 when I compile openssh with ./configure --with-pam,
 at the END I get the message
 =======================================================================
               Random number source: OpenSSL internal ONLY

               Host: sparc-sun-solaris2.8
           Compiler: gcc
     Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
 Preprocessor flags: -I/usr/local/ssl/include  -I/usr/local/include
       Linker flags: -L/usr/local/ssl/lib -R/usr/local/ssl/lib
 -L/usr/local/lib -R/usr/local/lib
          Libraries:  -lpam -ldl -lrt -lz -lsocket -lnsl -lcrypto

 PAM is enabled. You may need to install a PAM control file
 for sshd, otherwise password authentication may fail.
 Example PAM control files can be found in the contrib/
 subdirectory

============================================================================
 I am not sure if I have to edit the files in
 /contrib/sshd.pam.freebsd
 /contrib/sshd.pam.generic
 before I compile the new ssh and put the RSA securid library in
 /etc/pam.conf as follows:

 sshd auth required /lib/security/pam_securid.so reserve

 Thank you very much again,
 Udi
 301-435-1968
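
Added example, not part of the original post and not OpenSSH or RSA code: a small parser for the /etc/pam.conf format quoted above that reports, for one service, which entries make up the stack of each module type. When a service has no entry for a module type, the stack is taken from the `other` service, so the report shows where each stack for sshd comes from; the function names and the sample text are constructed for illustration.

```python
# Added example: resolve the effective PAM stack of a service from Solaris-style pam.conf text.
MODULE_TYPES = ("auth", "account", "session", "password")

# Constructed sample: the entries quoted in the post, without the tab indentation.
SAMPLE = """\
# PAM configuration
#
# Authentication management
#
sshd    auth required   /lib/security/pam_securid.so reserve
sftp    auth required   /lib/security/pam_securid.so reserve
#
login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
"""

def parse_pam_conf(text):
    """Return {service: {module_type: [(control_flag, module_path, options), ...]}}."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1] not in MODULE_TYPES:
            raise ValueError("malformed pam.conf line: %r" % raw)
        service, mtype, flag, path = fields[:4]
        entry = (flag, path, fields[4:])         # order matters: modules run top to bottom
        stacks.setdefault(service, {}).setdefault(mtype, []).append(entry)
    return stacks

def effective_stack(stacks, service, mtype):
    """Entries used for this service and type: its own, else the 'other' fallback."""
    own = stacks.get(service, {}).get(mtype)
    if own:
        return service, own
    return "other", stacks.get("other", {}).get(mtype, [])

def report(stacks, service):
    """One line per module type, naming the service entry that supplies the stack."""
    lines = []
    for mtype in MODULE_TYPES:
        source, entries = effective_stack(stacks, service, mtype)
        mods = ", ".join(path for _, path, _ in entries) or "(none)"
        lines.append("%-8s from %-5s: %s" % (mtype, source, mods))
    return lines

if __name__ == "__main__":
    print("\n".join(report(parse_pam_conf(SAMPLE), "sshd")))
```

The post quotes only the authentication section of the file, so the `(none)` lines in the sample output reflect the excerpt, not necessarily the poster's full /etc/pam.conf.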





More information about the openssh-unix-dev mailing list