OpenSSH 3.7.1 compatibility problems on Linux

James Bourne jbourne at
Sat Sep 20 03:49:07 EST 2003

> Stanislav Malyshev <stas at> writes:
> > With newer clients, using protocol 1 gives very strange greeting - first
> > Password: 
> > Response: 
> This is PAM mediated through ssh1's TIS authentication feature.

IMHO, this should be a single prompt, not 2 seperate prompts and BTW, this
comes from the client NOT the server.  The "Response: " portion is actually
completely superfluous output...

Also, this only happens when connecting to a newer version server.  For
example, connecting to a server running 3.7.1p1 you get the second prompt,
but connecting to a server with a patched 3.1p1 (ala Red Hat) from the same
host using the same client, you get user at host's password: 

With other older clients (putty < 0.53) you can not authenticate at all!

> > and then if password not given, <user>@<hostname>'s password:
> This is regular ssh1 password authentication.
> > Authentication with the latter never works, however works with the former.
> If password authentication fails when you type the correct password,
> you probably did something wrong at build time (like disable shadow
> passwords).

No actually, it is some incompatability with clients which do not support
"keyboard-interactive" authentication.

Was this intended breakage or accidental breakage?

James Bourne

> -- 
> Dag-Erling Smørgrav - des at

James Bourne                  | Email:            jbourne at          
Unix Systems Administrator    | WWW: 
Custom Unix Programming       | Linux:  The choice of a GNU generation
 "All you need's an occasional kick in the philosophy." Frank Herbert  

More information about the openssh-unix-dev mailing list