Unexpected behavior with "-o PreferredAuthentications=password"
jurgen at botz.org
Wed Jul 21 08:28:11 AEST 2021
On 7/20/21 6:56 PM, Thorsten Glaser wrote:
> On Tue, 20 Jul 2021, Jürgen Botz wrote:
>> of sense, although the exact semantics of each authentication method
>> (password and keyboard-interactive) aren't completely clear even after
>> studying the documentation. Does password bypass PAM entirely and have
>> sshd check the password directly?
> I don’t know either. Is there a write-up on this?
> I do know that I can only use password to log into my BSD box
> successfully, not keyboard-interactive, so they are not equivalent.
Ah! If I understood correctly you /should/ be able to use
'keyboard-interactive:bsdauth' to log into your BSD box. The
keybaord-interactive authentication method has at least two
sub-methods (called 'devices')... pam and bsdauth.
I think to fully understand there's nothing to it but to read
some source code.
More information about the openssh-unix-dev