Displaying 20 results from an estimated 3000 matches similar to: "chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/"
2014 Dec 18
3
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Thu, Dec 18, 2014 at 2:01 AM, Damien Miller <...> wrote:
> On Wed, 17 Dec 2014, Dmt Ops wrote:
>
>> vi /etc/ssh/sshd_config
>> ...
>> - ChallengeResponseAuthentication no
>> + ChallengeResponseAuthentication yes
>> + KbdInteractiveAuthentication yes
>>
2014 Dec 23
3
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Sun, Dec 21, 2014 at 5:25 PM, Damien Miller <djm at mindrot.org> wrote:
> On Fri, 19 Dec 2014, Dmt Ops wrote:
>
> > I added an EXPLICIT
> >
> > AuthenticationMethods publickey,keyboard-interactive
> > + UsePam yes
> >
> > to sshd_config. Now, at connect attempt I get
> >
> > Password:
> > Verification code:
> >
2014 Dec 19
2
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
I added an EXPLICIT
AuthenticationMethods publickey,keyboard-interactive
+ UsePam yes
to sshd_config. Now, at connect attempt I get
Password:
Verification code:
Password:
Verification code:
Password:
...
I.e.,
It's asking for Password, not accepting pubkey
AND
when given the password (which is correct), and the GA VerificationCode, it
simply repeats the credentials request.
2014 Dec 23
2
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Tue, 23 Dec 2014, Dmt Ops wrote:
> testing goole-authenticator's standalone functionality, it
>
> > cd google-authenticator/libpam/
> > ./demo
> Verification code: 123456
> Login failed
> Invalid verification code
> >
>
> fails with an INVALID code, and
>
> > ./demo
> Verification code:
2014 May 16
2
? about portable version of sshd crashing
I am porting over the portable version of openssh to our uCLinux
implementation. Everything has worked with minimal effort and I appreciate
all the work.
But, I am having a problem whereby the sshd executable is crashing and I
really could use some help on where to look at this in more details.
Here is how I start up the sshd for testing.
/usr/sbin/sshd -D -ddd -f /etc/ssh/sshd_config -p 65
2009 Oct 29
1
Match vs. ChallengeResponseAuthentication?
Hello,
We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work.
Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be
2015 Jul 18
2
can't ssh into C7 host
hey guys,
Yesterday I had no trouble loggging into this database host. But today for
some reason I can't log in using my RSA key and password authentication
doesn't work either.
I am able to log onto the host via console. And I was able to grab the ssh
config file. Here it is:
[root at db1 ~]# grep -v '#' /etc/ssh/sshd_config |sed '/^\s*$/d'
HostKey
2011 Mar 09
0
Match and ChallengeResponseAuthentication
Hi,
I'd like to allow PAM authentication only from the local network, and
from the Internet only allow public key authentication.
A similar-enough problem has been discussed on this list previously:
http://www.gossamer-threads.com/lists/openssh/dev/47179?search_string=match%20challengeresponseauthentication;#47179
More specifically, I would like to allow PAM authentication from the
2010 Apr 02
2
AuthorizedKeysFile with default value prevents Public/Private key authentication
Hi All,
I noticed that if I put:
AuthorizedKeysFile .ssh/authorized_keys in my sshd_config file,
pub/priv key authentication no longer worked.
I am using OpenSSH_5.4p1, OpenSSL 0.9.8n 24 Mar 2010
on Archlinux.
Sam
****************** Here is my WORKING config ******************
Port 22
ListenAddress 0.0.0.0
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
#AuthorizedKeysFile
2004 Apr 07
2
Requiring multiple auth mechanisms
I looked around for a while, but couldn't find any code for requiring multiple
authentication mechanisms in openssh. So I wrote an implemention.
I thought at first I should change the PasswordAuthentication,
PubkeyAuthentication, etc. keywords to allow no/yes/required. But there's some
funky stuff in auth2.c with respect to keyboard interactive auth that would make
this kind of
2007 Mar 22
1
ChallengeResponseAuthentication defaults to no?
Hello,
I have just installed OpenSSH 4.6p1 and it appears that ChallengeResponseAuthentication is not allowed unless I explicitly set it to "yes" in the sshd_config file. I am using the same config file as I did with 4.5p1 where it was allowed by default. Also, this is OpenSSH package from sunfreeware, but I believe that both versions were compiled with the same options.
Is this the
2015 Jul 19
0
can't ssh into C7 host
Am 19.07.2015 um 01:58 schrieb Tim Dunphy:
> hey guys,
>
> Yesterday I had no trouble loggging into this database host. But today for
> some reason I can't log in using my RSA key and password authentication
> doesn't work either.
>
> I am able to log onto the host via console. And I was able to grab the ssh
> config file. Here it is:
>
> [root at db1 ~]# grep
2015 Jan 15
2
OpenSSH v6.7 & NumberOfPasswordPrompts Option ...
So it appears that I am getting a keyboard-interactive prompt and then a password prompt.
Here is the output of the requested command:
ssh -vvv -o NumberOfPasswordPrompts=1 -t root at 10.10.2.51
OpenSSH_6.7p1, OpenSSL 1.0.1k-fips 8 Jan 2015
debug1: Reading configuration data /cygdrive/c/progra~1/OpenSSH/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.10.2.51 [10.10.2.51]
2001 Jun 26
1
OpenSSH 2.9p2 with PAMAuthenticationViaKbdInt
When using PAM to do password authenticaion the attempt/failure counter
appears to be getting confused. This is using a rh62 system with the
openssh-2.9p2-1 rpms...
On the client side...
[matthewm at toadhall (7) matthewm]$ grep Auth /etc/ssh/ssh_config
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
[Bug 1922] New: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication
2011 Jul 30
0
[Bug 1922] New: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication
https://bugzilla.mindrot.org/show_bug.cgi?id=1922
Bug #: 1922
Summary: Disabling ChallengeResponseAuthentication also
disables KbdInteractiveAuthentication
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2015 Apr 07
2
OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST
Darren Tucker <dtucker at zip.com.au> writes:
>That's a vendor-modified version of OpenSSH. Assuming it corresponds to
>what's in FreeBSD head, there's about a thousand lines of changes.
Ugh.
>Can you reproduce the problem with an unmodified version from openssh.com?
>Failing that, can you get the server-side debug output from a failing
>connection (ie
2015 Jan 15
4
OpenSSH v6.7 & NumberOfPasswordPrompts Option ...
Greetings,
I discovered an issue in the latest version of SSH, where the number of password prompts are doubled. If I specify 1, I get 2, and so on.
Best regards,
Trey Henefield, CISSP
Senior IAVA Engineer
Ultra Electronics
Advanced Tactical Systems, Inc.
4101 Smith School Road
Building IV, Suite 100
Austin, TX 78744 USA
Trey.Henefield at ultra-ats.com
Tel: +1 512 327 6795 ext. 647
Fax: +1
2015 Sep 28
4
[Bug 2475] New: Login failure when PasswordAuthentication, ChallengeResponseAuthentication, and PermitEmptyPasswords are all enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=2475
Bug ID: 2475
Summary: Login failure when PasswordAuthentication,
ChallengeResponseAuthentication, and
PermitEmptyPasswords are all enabled
Product: Portable OpenSSH
Version: 7.1p1
Hardware: ix86
OS: Linux
Status: NEW
2015 Dec 11
4
Support for ChallengeResponseAuthentication in Match section
Hi,
I'm using 2-factor authentication (pubkey+googe_authenticator) and
have an issue with rsync. It's configured to use pubkey to
authenticate to server so when google_authentication is bypassed by
not creating .google_authenticator file for particular user (thanks to
nullok option in PAM) it still sends to stderr "Authenticated with
partial success." message although it
2002 Jun 26
2
OpenSSH Security Advisory (adv.iss)
1. Versions affected:
All versions of OpenSSH's sshd between 2.9.9 and 3.3
contain an input validation error that can result in
an integer overflow and privilege escalation.
OpenSSH 3.4 and later are not affected.
OpenSSH 3.2 and later prevent privilege escalation
if UsePrivilegeSeparation is enabled in sshd_config.
OpenSSH 3.3 enables