Thorsten Glaser
2021-Jul-20 21:56 UTC
Unexpected behavior with "-o PreferredAuthentications=password"
On Tue, 20 Jul 2021, Jürgen Botz wrote:

> of sense, although the exact semantics of each authentication method
> (password and keyboard-interactive) aren't completely clear even after
> studying the documentation. Does password bypass PAM entirely and have
> sshd check the password directly?

I don’t know either. Is there a write-up on this?

I do know that I can only use password to log into my BSD box
successfully, not keyboard-interactive, so they are not equivalent.

There’s (thankfully!) no PAM on BSD. Anything related to PAM is
therefore openssh-portable-related.

bye,
//mirabilos
--
Infrastructure expert • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephone +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Don't miss anything with the tarent newsletter: www.tarent.de/newsletter
Jürgen Botz
2021-Jul-20 22:28 UTC
Unexpected behavior with "-o PreferredAuthentications=password"
On 7/20/21 6:56 PM, Thorsten Glaser wrote:

> On Tue, 20 Jul 2021, Jürgen Botz wrote:
>> of sense, although the exact semantics of each authentication method
>> (password and keyboard-interactive) aren't completely clear even after
>> studying the documentation. Does password bypass PAM entirely and have
>> sshd check the password directly?
>
> I don’t know either. Is there a write-up on this?
>
> I do know that I can only use password to log into my BSD box
> successfully, not keyboard-interactive, so they are not equivalent.

Ah! If I understood correctly you /should/ be able to use
'keyboard-interactive:bsdauth' to log into your BSD box. The
keyboard-interactive authentication method has at least two sub-methods
(called 'devices')... pam and bsdauth.

I think to fully understand there's nothing to it but to read some
source code.

- Jürgen