Jürgen Botz
2021-Jul-20 22:28 UTC
Unexpected behavior with "-o PreferredAuthentications=password"
On 7/20/21 6:56 PM, Thorsten Glaser wrote:> On Tue, 20 Jul 2021, J?rgen Botz wrote: >> of sense, although the exact semantics of each authentication method >> (password and keyboard-interactive) aren't completely clear even after >> studying the documentation. Does password bypass PAM entirely and have >> sshd check the password directly? > > I don?t know either. Is there a write-up on this? > > I do know that I can only use password to log into my BSD box > successfully, not keyboard-interactive, so they are not equivalent.Ah! If I understood correctly you /should/ be able to use 'keyboard-interactive:bsdauth' to log into your BSD box. The keybaord-interactive authentication method has at least two sub-methods (called 'devices')... pam and bsdauth. I think to fully understand there's nothing to it but to read some source code. - J?rgen
Thorsten Glaser
2021-Jul-20 23:18 UTC
Unexpected behavior with "-o PreferredAuthentications=password"
On Tue, 20 Jul 2021, J?rgen Botz wrote:> Ah! If I understood correctly you /should/ be able to use > 'keyboard-interactive:bsdauth' to log into your BSD box. TheDoesn?t seem to work this way, neither as you wrote or with -o PreferredAuthentications=keyboard-interactive \ -o KbdInteractiveDevices=bsdauth *shrug* What *is* keyboard-interactive then? Perhaps this is only obvious to people who know or used the original 1990s pre-Open ssh? Meow, //mirabilos -- Infrastrukturexperte ? tarent solutions GmbH Am Dickobskreuz 10, D-53121 Bonn ? http://www.tarent.de/ Telephon +49 228 54881-393 ? Fax: +49 228 54881-235 HRB AG Bonn 5168 ? USt-ID (VAT): DE122264941 Gesch?ftsf?hrer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg ************************************************* Mit dem tarent-Newsletter nichts mehr verpassen: www.tarent.de/newsletter *************************************************