bugzilla-daemon at mindrot.org
2003-Sep-17 20:30 UTC
[Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
http://bugzilla.mindrot.org/show_bug.cgi?id=667
Summary: Openssh 3.7x, Windows ssh clients and Ldap don't play
together
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: critical
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: matthew.schick at usm.edu
The 3.7 versions of Openssh will refuse to authenticate via password (didn't
try
keys) for the ssh.com and Putty clients IF the server is using ldap
authentication. Authentication isn't a problem if the openssh client is
used
(even under cygwin), or if any windows client is used to connect to an openssh
server using passwd/shadow auth.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-17 20:31 UTC
[Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
http://bugzilla.mindrot.org/show_bug.cgi?id=667 ------- Additional Comments From matthew.schick at usm.edu 2003-09-18 06:31 ------- Created an attachment (id=417) --> (http://bugzilla.mindrot.org/attachment.cgi?id=417&action=view) DEBUG3 Output Output logged on affected server... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-18 04:10 UTC
[Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
http://bugzilla.mindrot.org/show_bug.cgi?id=667 ------- Additional Comments From dtucker at zip.com.au 2003-09-18 14:10 ------->From the sshd_config man page:UsePAM Enables PAM authentication (via challenge-response) and session set up. If you enable this, you should probably disable PasswordAuthentication. If you enable then you will not be able to run sshd as a non-root user. What happens if you disable PasswordAuthentication and use keyboard-interactive on the clients? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-22 01:41 UTC
[Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
http://bugzilla.mindrot.org/show_bug.cgi?id=667 ------- Additional Comments From jason at devrandom.org 2003-09-22 11:41 ------- This bug caught my eye because I'm a big supporter of LDAP authentication. If I set PasswordAuthentication=No in sshd_config then PuTTY doesn't login regardless of the UsePAM setting. I tried using both an LDAP-served user and a /etc/passwd|shadow user with UsePAM=yes and UsePAM=no and as long as PasswordAuthentication=No then PuTTY won't log in. Could this be an error with PuTTY? Just for fun I tried F-Secure's SSH client (for OpenVMS) and everything worked fine with PasswordAuthentication=No and UsePAM=yes and F-Secure verbosely prints it's using keyboard-interactive. Interestingly though UsePAM=no and PasswordAuthentcation=no breaks F-Secure. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
- [Bug 843] sshd_config.5: add warning to PasswordAuthentication
- [Bug 1410] New: Correct UsePAM comment in sshd_config on Mac OS X
- Disabling Password authenitication with SSH
- SSH login from user with empty password