Unexpected behavior with "-o PreferredAuthentications=password"

Jürgen Botz jurgen at botz.org
Wed Jul 21 08:28:11 AEST 2021

On 7/20/21 6:56 PM, Thorsten Glaser wrote:
> On Tue, 20 Jul 2021, Jürgen Botz wrote: 
>> of sense, although the exact semantics of each authentication method
>> (password and keyboard-interactive) aren't completely clear even after
>> studying the documentation.  Does password bypass PAM entirely and have
>> sshd check the password directly?
> I don’t know either. Is there a write-up on this?
> I do know that I can only use password to log into my BSD box
> successfully, not keyboard-interactive, so they are not equivalent.

Ah!  If I understood correctly you /should/ be able to use
'keyboard-interactive:bsdauth' to log into your BSD box.  The
keybaord-interactive authentication method has at least two
sub-methods (called 'devices')... pam and bsdauth.

I think to fully understand there's nothing to it but to read
some source code.

- Jürgen

More information about the openssh-unix-dev mailing list