OpenSSH 3.7.1 compatibility problems on Linux

Dag-Erling Smørgrav des at
Sat Sep 20 03:58:10 EST 2003

James Bourne <jbourne at> writes:
> > Stanislav Malyshev <stas at> writes:
> > > With newer clients, using protocol 1 gives very strange greeting - first
> > > Password: 
> > > Response: 
> > This is PAM mediated through ssh1's TIS authentication feature.
> IMHO, this should be a single prompt, not 2 seperate prompts and BTW, this
> comes from the client NOT the server.  The "Response: " portion is actually
> completely superfluous output...

Then turn PAM off and stop whining.  The only way to implement PAM
authentication in ssh1 is to abuse the TIS authentication protocol, so
you have a choice between 1) PAM authentication that looks like crap
and 2) no PAM authentication.  Take your pick.

> Also, this only happens when connecting to a newer version server.  For
> example, connecting to a server running 3.7.1p1 you get the second prompt,
> but connecting to a server with a patched 3.1p1 (ala Red Hat) from the same
> host using the same client, you get user at host's password:

because 3.1 didn't have (proper) PAM support.

> > > Authentication with the latter never works, however works with the former.
> > If password authentication fails when you type the correct password,
> > you probably did something wrong at build time (like disable shadow
> > passwords).
> No actually, it is some incompatability with clients which do not support
> "keyboard-interactive" authentication.

There is no "keyboard-interactive" authentication in ssh1.  You need
to get better at that "reading" thing you've been hearing about.

Dag-Erling Smørgrav - des at

More information about the openssh-unix-dev mailing list