search for: usepam

http://bugzilla.mindrot.org/show_bug.cgi?id=647 Summary: Setting "UsePAM no" in sshd_config gives error if not config'ed w/ --with-pam Product: Portable OpenSSH Version: -current Platform: Sparc OS/Version: SunOS Status: NEW Severity: minor Priority: P4 Componen...

Hi, I am using OpenSSH 3.9p1. For " UsePAM yes/no " option with " PermitRootLogin without-password", the server functionality differs. For " UsePAM yes ", the server allows authentication thru password, meanwhile " UsePAM no " does not. I have fixed that problem and the patch is given below. --------------...

https://bugzilla.mindrot.org/show_bug.cgi?id=1410 Summary: Correct UsePAM comment in sshd_config on Mac OS X Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: PAM support...

...o a machine with an account under "LDAP's control", I always get password failures. However, using an account with a ssh key associated with it works fine, even if the user is a LDAP user. It seems to me like there is a miscommunication with PAM here. Of course, one can turn on UsePAM, but the warnings in sshd_config make me nervous. Also, running a few tests, it's a little too insecure for my liking. For instance: - PermitRootLogin without-password is rendered obsolete when UsePAM is set to yes; a user connecting without a matching ssh key gets a password prompt and...

http://bugzilla.mindrot.org/show_bug.cgi?id=1024 Summary: SSHD fails to connect when "UsePAM and UseLogin" is yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org Rep...

https://bugzilla.mindrot.org/show_bug.cgi?id=1497 Summary: sshd -T doesn't report UsePAM setting Classification: Unclassified Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: minor Priority: P5 Component: sshd AssignedTo: unassigned-bugs at mindrot.or...

...se trusted system related configuration, we have a necessity that the code has to go through PAM. We are using "PowerTerm Interconnect" windows SSH clients and in these clients there are no options to set "keyboard-interactive" method for authentication. So,even if we set "UsePAM yes" in the server side, the client is not sending a "keyboard-interactive" string and sends a "password" string, so, the "password" method is being started. So, the system is doing normal password authentication even if "UsePAM yes" is configured. But,...

hi, i don't understand how 3.6.1p2 breaks ssh1.... On Fri, Sep 12, 2003 at 10:27:15AM -0700, Mike Bethune wrote: > Hello, > the new way this works breaks windows ssh clients using v1 (I know, who cares :) > since when these options are enabled and you connect w/v1, the server asks: > Password: > Response: > and I guess these clients (tested putty, pscp, vandyke) expect

https://bugzilla.mindrot.org/show_bug.cgi?id=3566 Bug ID: 3566 Summary: Password expiry warning is printed multiple times when UsePAM is set to yes Product: Portable OpenSSH Version: 8.8p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: PAM support Assignee: unassigned-bugs at mindrot.org Reporte...

Hello, I have recently download and compiled version 3.7.1p2 of openssh, but am having authentication issues with it. I have been using 3.6.1p1 with no problems. Both versions were compiled on the same Solaris 8 host. That host uses ldap for its name service. Both were compiled using the same openssh config options: --prefix=/opt/openssh --with-pam --with-zlib=/opt/openssh/lib However, the

http://bugzilla.mindrot.org/show_bug.cgi?id=936 Summary: S/Key authentication fails if UsePAM=no Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: ulm at kph.u...

hi, i just noticed that my pam_tally config has stopped working. it used to work in 3.6.1p2, but since then hasn't. i configured openssh like so: ./configure --with-tcp-wrappers --with-pam --with-privsep-user=sshd --with-md5-passwords --with-ipaddr-display and i do have "UsePAM yes" set in sshd_config. i've tried and failed to get it to work with 3.7.1p2 and 3.8.1p1. i've tried compiling them both --with-pam and --without-pam and tried both "UsePAM yes" and "UsePAM no" all to no avail. /var/log/faillog exists and it is owned by root and se...

...rg >From the sample sshd_config: === Begin === # Set this to 'yes' to enable PAM authentication (via challenge-response) # and session processing. Depending on your PAM configuration, this may # bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords' #UsePAM no === End === Please add an appropriate warning regarding the use of UsePAM to the PasswordAuthentication section of sshd_config.5. Thanks! ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=667 Summary: Openssh 3.7x, Windows ssh clients and Ldap don't play together Product: Portable OpenSSH Version: 3.7.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: critical Priority: P2 Component: PAM support AssignedTo:

...d field is not visible? The PAM stack handles this by treating the supplied password as the key used to decrypt the user's secret key used when issuing requests to any secure RPC services. What all of the above means in terms of OpenSSH is that PasswordAuthentication will not function and that UsePAM is required. While this functions properly for normal users it has one very negative security implication with respect to root logins: PermitRootLogin is not respected when UsePAM is in effect. I submit that ignoring the PermitRootLogin directive is counter intuitive and that doing so opens a ser...

...creating accounts with empty passwords. Each user's public key is located in <user's home>/.ssh/authorized_keys. When trying to ssh into that machine, following error message is displayed: Permission denied (publickey). In /etc/ssh/sshd_config I've set: PasswordAuthentication no UsePAM no If I set a password for the users, the public key auth works without any problems. Could anyone tell me what I'm missing here? Thanks Michael

Hi , I have two problems when i went through a) the man page of sshd_config and b) the comments quoted in sshd_config file itself. They are given below. a) >From the man page of sshd_config: "If UsePAM is enabled, you will not be able to run sshd(8) as a non-privileged user." I changed the permission of the hostkeys to a non-privileged user and tried to run sshd alongwith "UsePAM=yes" in one of the non-privileged ports . sshd was successfully initiated but it failed to handle c...

Hi All, Is there a difference in 3.6 and 3.7 implemetaion of ChallengeResponse authentication? Also, what is the impact of setting UsePAM yes and no with respect to this authentication method and expiry passwords. Thanks, Kumaresh --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.576 / Virus Database: 365 - Release Date: 1/30/2004

...: Dienstag, 18. November 2003 00:50 To: Edgar, Bob Cc: openssh-unix-dev at mindrot.org Subject: Re: 3.7.1P2, PermitRootLogin and PAM with hidden NISplus passwords Edgar, Bob wrote: > What all of the above means in terms of OpenSSH is that > PasswordAuthentication will not function and that UsePAM is required. > While this functions properly for normal users it has one very negative > security implication with respect to root logins: PermitRootLogin is > not respected when UsePAM is in effect. I submit that ignoring the > PermitRootLogin directive is counter intuitive and that...

..., the password authentication always failed while connecting through ssh. The authentication succeeds if attempted through keyboard-interactive authentication. On debugging this we found that Password authentication is not working because it doesn't Use PAM in openssh 3.7.1p1. Version UsePAM PasswordAuthentication ChallengeResponseAuthentication <=3.6.1p2 Not applicable Uses PAM Uses PAM if PAMAuthenticationViaKbdInt is enabled 3.7p1 - 3.7.1p1 Defaults to yes Does not use PAM Uses PAM if UsePAM is enabled 3.7.1p2 - 3.8.1p1 Defaults to no Does not use PAM [1] <http://...