search for: preferredauthentications

https://bugzilla.mindrot.org/show_bug.cgi?id=1702 Summary: PreferredAuthentications setting doesn't work when spaces are used as documented Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: ssh...

https://bugzilla.mindrot.org/show_bug.cgi?id=2309 Bug ID: 2309 Summary: change default PreferredAuthentications order Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: calest...

Fix and/or document issues raised in this thread: https://www.redhat.com/archives/libguestfs/2017-February/msg00010.html Rich.

...OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org Reporter: karoshism at mailinator.com When running ssh-copy-id, it executes REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 | sed -ne 's/.*remote software version //p') Now this hangs for me, as it produces an endless loop like # ssh -v -o PreferredAuthentications=',' root at machine OpenSSH_6.2p1, OpenSSL 1.0.1e 11 Feb 2013 ... debug1: Authentica...

Hi, Just feel curiously. I am using sun SSH 1.0.1 and 1.1 on different machines, and get different password promts as follows. ------------------------------------ root> ssh -V SSH Version Sun_SSH_1.0.1, protocol versions 1.5/2.0. root>ssh 10.193.106.90 root at 10.193.106.90's Password: ------------------------------------ root> ssh -V Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL

...special case for useful > debugging; try your tests as a regular user. > > As Tim Rice noted, you will need to set EnableSSHKeysign in the > system--wide client configuration for hostbased authentication to work > for non-root users. I edited configs to client ssh_config ... - PreferredAuthentications hostbased,publickey + PreferredAuthentications hostbased HostbasedAuthentication yes PubkeyAuthentication yes + PubkeyAuthentication no PasswordAuthentication no ... EnableSSHKeysign yes (note:...

...g it doesn't work, since the client will not in fact request it (by default). I was fooled by the statement in the ssh man page about HostbasedAuthentication that the client supports this by default (well it is set to "yes"). While it supports it, it seems that the default value for PreferredAuthentications is set to: publickey,password,keyboard-interactive,hostbased so it starts prompting for a password before getting that far. Setting the list to: publickey,hostbased,password,keyboard-interactive in ssh_config seems to do the trick, but even having added this I still can't find anything...

...Failed hostbased for anna from 192.168.1.5 port 33148 ssh2 [...] The full output is in the attachment, if I've been snipping too much (I hope it doesn't get stripped off by the mailing list software). Some basic configuration info: ssh_config (stripped): Host hostname.domainname.tld PreferredAuthentications hostbased,publickey,password HostbasedAuthentication yes GlobalKnownHostsFile /etc/ssh/ssh_known_hosts2 CheckHostIP yes StrictHostKeyChecking ask Protocol 2 sshd_config (stripped): Protocol 2 HostbasedAuthentication yes IgnoreRhosts no shosts.equiv (stripped): 192.168.1.5 h...

Hello, We tested OpenSSH 3.9 in Hp-UX platforms for Passwordauthentication under PAM modules. We started the SSH Daemon with following settings: Usepam yes ChallengeResponseAuthentication yes passwordauthentication yes The client is invoked with ssh -o'Passwordauthentication yes' localhost -vvv. The debug traces shows that the authentication suceed as keyboard-interactive.

Hi, I've got a remote system that was down and came back up. I'm trying to get into the system, but when I do I get timed out. I forced it to a keyboard interactive to speed things up: ssh -o PreferredAuthentications=keyboard-interactive -vvv tuc at 10.2.0.2 but I get : debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: auth...

I ran the following command to create a reverse tunnel from another server back to my local host ssh -4xnT -o PreferredAuthentications=publickey -o ConnectTimeout=10 -o BatchMode=yes -f \ -o ExitOnForwardFailure=yes -N -R myTargetHost:2525:myLocalHost:25 myUser at myTargetHost and on machine=myTargetHost, the port 2525 was already being utilized, so it gave me this error and exited: ? ?? Error: remote port forwarding failed for l...

...cases when this doesn't occur. One of the cases is when configuration file contains a LogLevel=QUIET option. Lets assume that ~/.ssh/config contains: > Host 127.* > LogLevel QUIET And we have no valid key for localhost. Attempting to connect doesn't give any errors: > $ ssh -o PreferredAuthentications=publickey -o IdentitiesOnly=yes user at 127.0.0.1 > $ ssh -o LogLevel=INFO -o PreferredAuthentications=publickey -o IdentitiesOnly=yes user at 127.0.0.1 > Permission denied (publickey,password). The fix is to add LogLevel=INFO to the ssh command, which is a sane default since ssh-copy-id act...

As an experiment I set up Challenge/response authentication on a Linux system with PAM using a pam_opie module (this module works fine with console logins and su). I can log into the box using the opie password, *but* it does not give me the challenge - which can make things a little tricky :-) I can well believe this might be a fault in the PAM pam_opie module I am using, so has anyone got

...0 lines in my known hosts but in reality I only ssh to a dozen or so systems. All the redundant ones are because I have a mixed population of Raspberry Pis and such on my LAN and they get rebuilt fairly frequently and thus, each time, get a new entry in known_hosts. As a result I have to set 'PreferredAuthentications password' for some systems because there are *loads* of redundant keys which cause login to fail otherwise. -- Chris Green

Hello I think I've found a bug but since no one replied to me on comp.security.ssh, I'll try my luck here. On my client, PreferredAuthentications is set to publickey,password. When using the commands option in authorized_keys file like command="ls" ssh-dss <key>... it is supposed to connect using the private key associated with <key>, perform ls and then quits. Until here everything is fine. Then I tried to delete the...

It appears that /etc/ssh/ssh_config enforces policy on local users in addition to its documented role as provider of defaults. $ ssh -V OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f $ cat .ssh/config Host localhost HostbasedAuthentication yes PreferredAuthentications hostbased $ ssh localhost Hostbased authentication not enabled in /etc/ssh/ssh_config ssh_keysign: no reply key_sign failed Permission denied (publickey,password,keyboard-interactive,hostbased). The situation is rectified by enabling Hostbased authentication in /etc/ssh/ssh_config (as the error m...

https://bugzilla.mindrot.org/show_bug.cgi?id=926 Jan Engelhardt <jengelh at gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jengelh at gmx.de --- Comment #33 from Jan Engelhardt <jengelh at

...tus: NEW Severity: enhancement Priority: P5 Component: scp Assignee: unassigned-bugs at mindrot.org Reporter: plautrba at redhat.com If an user try to run scp with two remote ends using password authentication, the second attempt fails: $ scp -v -o PreferredAuthentications=password host-1:/tmp/a host-2:/tmp/ Executing: /usr/bin/ssh -x -oClearAllForwardings=yes -n -v -o PreferredAuthentications=password -- host-1 scp -v /tmp/a host-2:/tmp/ ... plautrba at host-1's password: debug1: Authentication succeeded (password). Authenticated to host-1 ([127.0.0.1]:22). ......

..., code=20, msg='unable to get local issuer certificate' key_verify failed for server_host_key Is it possible to have a situation when if there is no x509 store set up on the client, it would simply revert to the password based authentication? I have tried setting PubkeyAlgorithms ssh-dss PreferredAuthentications keyboard-interactive but with no effect, same error appears. I would appreciate your help. - -- Respectfully, Konstantin V. Gavrilenko Arhont Ltd - Information Security web: http://www.arhont.com http://www.wi-foo.com e-mail: k.gavrilenko at arhont.com tel: +44 (0) 870 44 31337 fax...

...4 usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time] [-h host_key_file] [-k key_gen_time] [-o option] [-p port] I have configured for hostbased authentication client ssh_config ... PreferredAuthentications hostbased,publickey HostbasedAuthentication yes PubkeyAuthentication yes PasswordAuthentication no ... server sshd_config ... AuthenticationMethods hostbased,publickey HostbasedAuthentication yes HostbasedUsesN...