bugzilla-daemon at mindrot.org
2003-Sep-21 18:02 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 Summary: PAM modules getting bypassed when connecting from f- secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Product: Portable OpenSSH Version: 3.7.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: minor Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org ReportedBy: swamitj at yahoo.com Openssh 3.7.1p1 and 3.7p1 were complied with PAM support. When we try to connect in(to the openssh 3.7.1p1/3.7p1 server) from F-Secure ssh clients the PAM modules are totally getting bypassed. Is there a way to fix this? However there are no problems connecting in from Openssh clients(PAM works fine) The options that were used here were similar to the options used to compile openssh 3.6p1. No problems are encountered when connecting to a 3.6p1 server either from openssh client or a f-secure ssh client. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-22 00:09 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2003-09-22 10:09 ------- Read the comment next to UsePAM in sshd_config. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-22 01:32 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 swamitj at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WORKSFORME | ------- Additional Comments From swamitj at yahoo.com 2003-09-22 11:31 ------- PasswordAuthentication is set to no and UsePAM is set to yes on the sshd_config file Running sshd in debug mode while trying to connect in , shows PAM modules being invoked while coming in from openssh clients but not from f-secure. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-22 01:39 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From dtucker at zip.com.au 2003-09-22 11:39 ------- Are your F-Secure clients configured to use keyboard-interactive authentication? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-22 01:51 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From jason at devrandom.org 2003-09-22 11:51 ------- F-Secure SSH client for me (on OpenVMS) works fine with UsePAM=yes and PasswordAuthentication=no for the ssh client: SYS$ ssh2 "jmccormick at rowan" Keyboard-interactive: Password: Authentication successful. [jmccormick at rowan jmccormick]$ My F-Secure install by default seems to be using keyboard-interactive as I'm not explicitly enabling it anywhere. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-22 02:37 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From swamitj at yahoo.com 2003-09-22 12:37 ------- Yes the clients are configured to use keyboard-interactive. The same client connects fine to a 3.6p1 server(no problems with PAM) but has problems talking with 3.7p1 or 3.7.1p1. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-22 13:21 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From swamitj at yahoo.com 2003-09-22 23:21 ------- The same problem has been noticed on Secure CRT and Putty clients as well. The only client that seems to work so far is the openssh client. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-23 14:43 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 swamitj at yahoo.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|minor |major ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-23 21:25 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From djm at mindrot.org 2003-09-24 07:25 ------- you will have to provide more evidence. A debug trace from the server perhaps? Are you using 3.7.1p2? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-23 21:54 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 ------- Additional Comments From swamitj at yahoo.com 2003-09-24 07:54 ------- Created an attachment (id=463) --> (http://bugzilla.mindrot.org/attachment.cgi?id=463&action=view) Debug output from the server and verbose o/p from the client side(both f-secure and openssh) Yes we upgraded to 3.7.1p2 and the problem still persists. Setting UsePAM to yes and PasswordAuthentication to no the f-secure client is not able to login to the machine at all. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-23 22:12 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #463|application/octet-stream |text/plain mime type| | ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-23 22:15 UTC
[Bug 696] PAM modules getting bypassed when connecting from f-secure ssh client to openssh 3.7p1 or 3.7.1p1 servers
http://bugzilla.mindrot.org/show_bug.cgi?id=696 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WORKSFORME ------- Additional Comments From djm at mindrot.org 2003-09-24 08:15 ------- You are not even trying challenge response authentication. Try connecting using ssh protocol 2 or looking for a f-secure option "tisauthentication" or similar to enable challenge-response for protocol 1. This does work (it has been tested by a number of developers) - the problem is at the client. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Reasonably Related Threads
- openssh 3.7p1 and 3.7.1p1 Solaris problems
- [Bug 648] Cannot login using SecureCRT since openssh 3.7p1
- [Bug 667] Openssh 3.7x, Windows ssh clients and Ldap don't play together
- PasswordAuthentication fails in openssh3.7.1p1 as it does not use PAM
- Portable OpenSSH 3.7.1p2 released