similar to: Challenge Response authentication

Hello, I have a question about SSH with Kerberos password authentication . Do I receive any host ticket to my client machine when I do ssh connection with Kerberos password authenticaiton? If dont, why? If I login to remote machine through telnet with Kerberos Password authentication [through PAM-kerberos], then I can see the tickets with klist. But with the same setup for sshd, I cannot see

Hello Darren, The major problem we are running into is that the shell (both sh and ksh) does not kill its child processes when there is no pty. The SSH patch mentioned previously at http://bugzilla.mindrot.org/show_bug.cgi?id=396 is not sufficient to kill the forced command completely.It will only kill the shell script, but not any child processes the shell script runs. The shell assumes the

The "--disable-strip" configure option is required as the Solaris9-X86 linker/loader will not be able to load any of the executables and will display a "Killed" message. Similarly, 'ldd' will fail with a "file has insecure interpreter" error message. Performing a loader or ldd test from the OpenSSH installation directory on the compiled executables within the

Hello, I have compiled OpenSSL-0.9.7d - the lastest version and when OpenSSH-3.7.1p2 is compiled with this ssl library [0.9.7d], I am getting the following error when SSH-1 connection is done. I am using HP-UX IPF box and I am doing 32 bit compilation only. Even I have changed the optimization level for OpenSSL and no use. Any clue why this problem is occuring? Advance thanks, Kumaresh

Hello All, We have been successfully using PAM_LDAP authentication with OpenSSH-3.6 on our HP-UX 11.11. When OpenSSH-3.7.1p2 is installed [with Darrens' password expiry patch 26], and when Shadow password bundle is installed on the system, our ssh authentication failed. Even, when the source is compiled without Darren's patch, the same bahaviour is seen and there is no success. When

You need to disable ?ChallengeResponse? (aka keyboard-interactive) authentication, not password authentication, to protect against this attack. On Jul 22, 2015, at 1:56 PM, Bostjan Skufca <bostjan at a2o.si> wrote: > > And to answer your question about what to do, you have three options: > - disable access to ssh with a firewall > - disable password authentication > -

Hello, This problem is regarding the configuration directive called 'LoginGraceTime'. Problem Description: Tests were done with OpenSSH -3.6.1p2 and 3.7.1p2 on HP-UX. sshd is started with LoginGraceTime as 1 minute.Three windows were used to initiate the ssh client.After launching two clients wait for a sometime without issuing the password so it exceeds the grace period for login.when

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I wondered what part sshpam_thread() (in auth-pam.c) is playing wrt. PAM authentication. It seems to be never called from any other ssh code (judging from CVS as of 27.6.2004). I noticed this because the current openssh package in Debian unstable (3.8.1p1) is not calling the pam_authenticate() function at all, regardless of my configuration

hi, i don't understand how 3.6.1p2 breaks ssh1.... On Fri, Sep 12, 2003 at 10:27:15AM -0700, Mike Bethune wrote: > Hello, > the new way this works breaks windows ssh clients using v1 (I know, who cares :) > since when these options are enabled and you connect w/v1, the server asks: > Password: > Response: > and I guess these clients (tested putty, pscp, vandyke) expect

Hello, What is the effect of MaxStartups in the configuration file sshd_config? How this keyword effects the working of sshd? regards Kumaresh -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020613/8306c832/attachment.html

Hi all, I want to configure Kerberos as the authenticating service for Secure Shell.I am using a Linux machine as the KDC. I have successfully configured the server (Linux machine) as KDC. My client machine is HP-UX Version 11.11. Now when i initialize the client for kerberos by running "kinit" in the HP-UX machine(client), it displays "kinit: Time is out of bounds

Hello, We have a setup with OpenSSH server on HP-UX machine with windows SSH clients and the server system is in trusted mode. There are configuration settings in the trusted system to check the number of unsuccessful logins to the system and the account can be configured to lock if the real unsuccessful attempt is exceeding the allowable limit. Now, as SSH do not have any explicit code to check

Hi All, >From Changelog with 3.8: "The experimental "gssapi" support has been replaced with the "gssapi-with-mic" to fix possible MITM attacks.The two versions are not compatible." I am using OpenSSH-3.6 with Simon's patch and OpenSSH-3.7 built with GSSAPI support. The latest version OpenSSH-3.8 is not working with 3.6 or 3.7 with GSSAPI authentication. I

Hello All, I am using Kerberos-V in my machine (HP-UX version 11.11) and i successfully installed it. When i run the setup service # /opt/krb5/sbin/krb5setup options entered: ---------------- 1) Configure as a Primary Security Server 2) Default Security mechanism DES-MD5 3) Do you want to stash the principal database key on your local disk (y/n)? [y] : n 4) Secondary security server - q (skipped)

https://bugzilla.mindrot.org/show_bug.cgi?id=2475 Bug ID: 2475 Summary: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled Product: Portable OpenSSH Version: 7.1p1 Hardware: ix86 OS: Linux Status: NEW

Hello, I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option. This is for making the kerberos credentials file to be created in the system with PAM. In OpenSSH versions 3.5 when authentication is done with pam kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the KRB5CCNAME variable is not set by default. So, after we manually set this environment variable, the

http://bugzilla.mindrot.org/show_bug.cgi?id=696 Summary: PAM modules getting bypassed when connecting from f- secure ssh client to openssh 3.7p1 or 3.7.1p1 servers Product: Portable OpenSSH Version: 3.7.1p1 Platform: Sparc OS/Version: Solaris Status: NEW Severity: minor Priority: P2

slogin "deadlocks" if you invoke it with the (useless, but legal) switch "-n". stdin is not passed to it (and the local ssh process ignores stdin), so it is not possible to kill it using <<~.>> Should the "-n_ switch be disallowed for an interactive invocation? Martin -- <Martin.Kraemer at Fujitsu-Siemens.com> | Fujitsu Siemens Fon:

Hello, I have recently download and compiled version 3.7.1p2 of openssh, but am having authentication issues with it. I have been using 3.6.1p1 with no problems. Both versions were compiled on the same Solaris 8 host. That host uses ldap for its name service. Both were compiled using the same openssh config options: --prefix=/opt/openssh --with-pam --with-zlib=/opt/openssh/lib However, the

https://bugzilla.mindrot.org/show_bug.cgi?id=1410 Summary: Correct UsePAM comment in sshd_config on Mac OS X Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: