Lalith Rajendran (CW)
2009-Jun-04 06:02 UTC
PasswordAuthentication fails in openssh3.7.1p1 as it does not use PAM
All, I am an engineer working with Brocade. We recently upgraded one of our products to openssh3.7.1p1. Once we did this, the password authentication always failed while connecting through ssh. The authentication succeeds if attempted through keyboard-interactive authentication. On debugging this we found that Password authentication is not working because it doesn't Use PAM in openssh 3.7.1p1. Version UsePAM PasswordAuthentication ChallengeResponseAuthentication <=3.6.1p2 Not applicable Uses PAM Uses PAM if PAMAuthenticationViaKbdInt is enabled 3.7p1 - 3.7.1p1 Defaults to yes Does not use PAM Uses PAM if UsePAM is enabled 3.7.1p2 - 3.8.1p1 Defaults to no Does not use PAM [1] <http://www.openbsd.org/openssh/faq.html#3.15fn1> Uses PAM if UsePAM is enabled 3.9p1 Defaults to no Uses PAM if UsePAM is enabled Uses PAM if UsePAM is enabled Why was Password Authentication using PAM removed in 3.7.1p1? We need this to be supported in 3.7.1p1. Please let us know what could be done to enable this in 3.7.1p1. Thanks, Lalith
Peter Stuge
2009-Jun-04 11:58 UTC
PasswordAuthentication fails in openssh3.7.1p1 as it does not use PAM
Hello Lalith, Lalith Rajendran (CW) wrote:> We recently upgraded one of our products to openssh3.7.1p1.That is REALLY old software.> We need this to be supported in 3.7.1p1.I guess you have some work to do in the code then.> Please let us know what could be done to enable this in 3.7.1p1.I would suggest that you use a 5.x version of OpenSSH.. //Peter
Lalith Rajendran (CW)
2009-Jun-04 13:54 UTC
PasswordAuthentication fails in openssh3.7.1p1 as it does notuse PAM
Thanks for the information Peter. I fixed this by back porting the PAM support implementation for password-authentication from openssh 3.9 to openssh 3.7.1p1. (Bug 874 - (Re)Add PAM PasswordAuthentication support ). I am also seeing another issue after I upgraded to 3.7.1p1. If I try logging in through putty (keyboard interactive authentication), it is not prompting for password the first time. It is prompting for password only on the second attempt and only then I am able to login. ///////////////////////////////////// login as: Administrator Login: Administrator Password: ///////////////////////////////////// I searched for information regarding this problem but could not find any. Is this a known issue in openssh 3.7.1p1? Thanks, Lalith -----Original Message----- From: Peter Stuge [mailto:peter at stuge.se] Sent: Thursday, June 04, 2009 5:28 PM To: Lalith Rajendran (CW) Cc: openssh-unix-dev at mindrot.org; Gayathri Ramakrishnan (CW) Subject: Re: PasswordAuthentication fails in openssh3.7.1p1 as it does notuse PAM Hello Lalith, Lalith Rajendran (CW) wrote:> We recently upgraded one of our products to openssh3.7.1p1.That is REALLY old software.> We need this to be supported in 3.7.1p1.I guess you have some work to do in the code then.> Please let us know what could be done to enable this in 3.7.1p1.I would suggest that you use a 5.x version of OpenSSH.. //Peter
Martin Schröder
2009-Jun-04 15:37 UTC
PasswordAuthentication fails in openssh3.7.1p1 as it does notuse PAM
2009/6/4, Lalith Rajendran (CW) <lrajendr at brocade.com>:> Is this a known issue in openssh 3.7.1p1?Why do you insist on using sofware that is nearly six years old and security critical? Best Martin