OpenSSH 3.7.1 compatibility problems on Linux
Dag-Erling Smørgrav
des at des.no
Sat Sep 20 03:58:10 EST 2003
James Bourne <jbourne at hardrock.org> writes:
> > Stanislav Malyshev <stas at zend.com> writes:
> > > With newer clients, using protocol 1 gives very strange greeting - first
> > > Password:
> > > Response:
> > This is PAM mediated through ssh1's TIS authentication feature.
> IMHO, this should be a single prompt, not 2 seperate prompts and BTW, this
> comes from the client NOT the server. The "Response: " portion is actually
> completely superfluous output...
Then turn PAM off and stop whining. The only way to implement PAM
authentication in ssh1 is to abuse the TIS authentication protocol, so
you have a choice between 1) PAM authentication that looks like crap
and 2) no PAM authentication. Take your pick.
> Also, this only happens when connecting to a newer version server. For
> example, connecting to a server running 3.7.1p1 you get the second prompt,
> but connecting to a server with a patched 3.1p1 (ala Red Hat) from the same
> host using the same client, you get user at host's password:
because 3.1 didn't have (proper) PAM support.
> > > Authentication with the latter never works, however works with the former.
> > If password authentication fails when you type the correct password,
> > you probably did something wrong at build time (like disable shadow
> > passwords).
> No actually, it is some incompatability with clients which do not support
> "keyboard-interactive" authentication.
There is no "keyboard-interactive" authentication in ssh1. You need
to get better at that "reading" thing you've been hearing about.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the openssh-unix-dev
mailing list