bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-07 21:09 UTC
[Bug 983] Required authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=983 --- Comment #26 from Paul Sery <pgsery at swcp.com> 2010-01-08 08:09:14 EST --- The configuration below is incorrect. When using protocol 2, it should read: ... RequiredAuthentications2 password Also, there's no need to specify publickey in conjunction with other authentication methods because it will always be tried first (as specified in the rfc). You could use the following config if you want to use hostbased and password together (protocol 2): ... RequiredAuthentications2 hostbased RequiredAuthentications2 password (In reply to comment #24)> Created an attachment (id=1667)--> (https://bugzilla.mindrot.org/attachment.cgi?id=1667) [details]> Updates RequierdMethods patch to -current > > Use the following sshd_config: > UsePrivilegeSeparation no > UsePAM no > RequiredAuthentications1 password > RequiredAuthentications2 publickey > > Get following error w/ UsePrivilegeSeparation yes > > debug2: input_userauth_request: try method password > debug3: mm_auth_password entering > debug3: mm_request_send entering: type 10 > mm_request_receive_expect: read: rtype 10 != type 24 > > Need to add RequiredMethods logic to-- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching someone on the CC list of the bug. You are watching the reporter.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-07 21:14 UTC
[Bug 983] Required authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=983 --- Comment #27 from Paul Sery <pgsery at swcp.com> 2010-01-08 08:14:40 EST --- err, i mean: RequiredAuthentications2 hostbased,password (In reply to comment #26)> The configuration below is incorrect. When using protocol 2, it should > read: > > ... > RequiredAuthentications2 password > > Also, there's no need to specify publickey in conjunction with other > authentication methods because it will always be tried first (as > specified in the rfc). > > You could use the following config if you want to use hostbased and > password together (protocol 2): > > ... > RequiredAuthentications2 hostbased > RequiredAuthentications2 password > > (In reply to comment #24) > > Created an attachment (id=1667)--> (https://bugzilla.mindrot.org/attachment.cgi?id=1667) [details] [details]> > Updates RequierdMethods patch to -current > > > > Use the following sshd_config: > > UsePrivilegeSeparation no > > UsePAM no > > RequiredAuthentications1 password > > RequiredAuthentications2 publickey > > > > Get following error w/ UsePrivilegeSeparation yes > > > > debug2: input_userauth_request: try method password > > debug3: mm_auth_password entering > > debug3: mm_request_send entering: type 10 > > mm_request_receive_expect: read: rtype 10 != type 24 > > > > Need to add RequiredMethods logic to-- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching someone on the CC list of the bug. You are watching the reporter.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-08 01:05 UTC
[Bug 983] Required authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=983
Paul Sery <pgsery at swcp.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1521|0 |1
is obsolete| |
Attachment #1667|0 |1
is obsolete| |
--- Comment #28 from Paul Sery <pgsery at swcp.com> 2010-01-08 12:05:21
EST ---
Created an attachment (id=1768)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1768)
Works with privilege separation
Added a bit of logic to auth2.c to get it working with privilege
separation.
Tested combinations of publickey+password, publickey+hostbased and
password+hostbased authentication.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
You are watching the reporter.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-29 00:13 UTC
[Bug 983] Required authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=983
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|1626 |
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
You are watching the reporter.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-29 00:13 UTC
[Bug 983] Required authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=983
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1708
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching someone on the CC list of the bug.
You are watching the reporter.