similar to: chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/

On Thu, Dec 18, 2014 at 2:01 AM, Damien Miller <...> wrote: > On Wed, 17 Dec 2014, Dmt Ops wrote: > >> vi /etc/ssh/sshd_config >> ... >> - ChallengeResponseAuthentication no >> + ChallengeResponseAuthentication yes >> + KbdInteractiveAuthentication yes >>

On Sun, Dec 21, 2014 at 5:25 PM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 19 Dec 2014, Dmt Ops wrote: > > > I added an EXPLICIT > > > > AuthenticationMethods publickey,keyboard-interactive > > + UsePam yes > > > > to sshd_config. Now, at connect attempt I get > > > > Password: > > Verification code: > >

I added an EXPLICIT AuthenticationMethods publickey,keyboard-interactive + UsePam yes to sshd_config. Now, at connect attempt I get Password: Verification code: Password: Verification code: Password: ... I.e., It's asking for Password, not accepting pubkey AND when given the password (which is correct), and the GA VerificationCode, it simply repeats the credentials request.

On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code:

I am porting over the portable version of openssh to our uCLinux implementation. Everything has worked with minimal effort and I appreciate all the work. But, I am having a problem whereby the sshd executable is crashing and I really could use some help on where to look at this in more details. Here is how I start up the sshd for testing. /usr/sbin/sshd -D -ddd -f /etc/ssh/sshd_config -p 65

Hello, We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work. Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be

hey guys, Yesterday I had no trouble loggging into this database host. But today for some reason I can't log in using my RSA key and password authentication doesn't work either. I am able to log onto the host via console. And I was able to grab the ssh config file. Here it is: [root at db1 ~]# grep -v '#' /etc/ssh/sshd_config |sed '/^\s*$/d' HostKey

Hi, I'd like to allow PAM authentication only from the local network, and from the Internet only allow public key authentication. A similar-enough problem has been discussed on this list previously: http://www.gossamer-threads.com/lists/openssh/dev/47179?search_string=match%20challengeresponseauthentication;#47179 More specifically, I would like to allow PAM authentication from the

Hi All, I noticed that if I put: AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file, pub/priv key authentication no longer worked. I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010 on Archlinux. Sam ****************** Here is my WORKING config ****************** Port 22 ListenAddress 0.0.0.0 Protocol 2 PermitRootLogin no PubkeyAuthentication yes #AuthorizedKeysFile

I looked around for a while, but couldn't find any code for requiring multiple authentication mechanisms in openssh. So I wrote an implemention. I thought at first I should change the PasswordAuthentication, PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some funky stuff in auth2.c with respect to keyboard interactive auth that would make this kind of

Hello, I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options. Is this the

Am 19.07.2015 um 01:58 schrieb Tim Dunphy: > hey guys, > > Yesterday I had no trouble loggging into this database host. But today for > some reason I can't log in using my RSA key and password authentication > doesn't work either. > > I am able to log onto the host via console. And I was able to grab the ssh > config file. Here it is: > > [root at db1 ~]# grep

So it appears that I am getting a keyboard-interactive prompt and then a password prompt. Here is the output of the requested command: ssh -vvv -o NumberOfPasswordPrompts=1 -t root at 10.10.2.51 OpenSSH_6.7p1, OpenSSL 1.0.1k-fips 8 Jan 2015 debug1: Reading configuration data /cygdrive/c/progra~1/OpenSSH/etc/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to 10.10.2.51 [10.10.2.51]

When using PAM to do password authenticaion the attempt/failure counter appears to be getting confused. This is using a rh62 system with the openssh-2.9p2-1 rpms... On the client side... [matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config RhostsAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no RSAAuthentication no PubkeyAuthentication yes

https://bugzilla.mindrot.org/show_bug.cgi?id=1922 Bug #: 1922 Summary: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication Classification: Unclassified Product: Portable OpenSSH Version: 5.8p2 Platform: All OS/Version: All Status: NEW Severity: normal

Darren Tucker <dtucker at zip.com.au> writes: >That's a vendor-modified version of OpenSSH. Assuming it corresponds to >what's in FreeBSD head, there's about a thousand lines of changes. Ugh. >Can you reproduce the problem with an unmodified version from openssh.com? >Failing that, can you get the server-side debug output from a failing >connection (ie

Greetings, I discovered an issue in the latest version of SSH, where the number of password prompts are doubled. If I specify 1, I get 2, and so on. Best regards, Trey Henefield, CISSP Senior IAVA Engineer Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA Trey.Henefield at ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1

https://bugzilla.mindrot.org/show_bug.cgi?id=2475 Bug ID: 2475 Summary: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled Product: Portable OpenSSH Version: 7.1p1 Hardware: ix86 OS: Linux Status: NEW

Hi, I'm using 2-factor authentication (pubkey+googe_authenticator) and have an issue with rsync. It's configured to use pubkey to authenticate to server so when google_authentication is bypassed by not creating .google_authenticator file for particular user (thanks to nullok option in PAM) it still sends to stderr "Authenticated with partial success." message although it

1. Versions affected: All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 and later are not affected. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables