ssh problem with passwd on SUSE 9.0
I assume sshd works in general for SUSE 9.0?
I have just tried to use the ssh daemon for the first time and it is not working for me.
In /var/log/messages I'm getting:
"Dec 29 14:23:23 david sshd[20290]: Failed password for root from::ffff:10.0.1.100 port 1995"
What else should I check?
FYI: With both boxes I can connect as a normal user via the console and sux to root. No problems, so I know I have the passwords right.
Thanks
Greg
--
Greg Freemyer
On Mon, 2003-12-29 at 14:40, Greg Freemyer wrote:
> I assume sshd works in general for SUSE 9.0?
> I have just tried to use the ssh daemon for the first time and it is not working for me.
> In /var/log/messages I'm getting:
> "Dec 29 14:23:23 david sshd[20290]: Failed password for root from::ffff:10.0.1.100 port 1995"
> What else should I check?
> FYI: With both boxes I can connect as a normal user via the console and sux to root. No problems, so I know I have the passwords right.
> Thanks
> Greg
> --
> Greg Freemyer
More Info: I just manually started sshd with the -d (debug) argument. I'm getting:
david:/home/gaf # /usr/sbin/sshd -d -o PidFile=/var/run/sshd.init.pid
debug1: sshd version OpenSSH_3.7.1p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from ::ffff:10.0.1.100 port 4539
debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53b
debug1: no match: PuTTY-Release-0.53b
debug1: Local version string SSH-1.99-OpenSSH_3.7.1p2
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: blowfish
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: PAM: initializing for "root"
debug1: PAM: setting PAM_RHOST to "10.0.1.100"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: Attempting authentication for root.
Password authentication disabled.
Failed password for root from ::ffff:10.0.1.100 port 4539
I don't know if that is meaningful, but the "Password authentication disabled." line looks pretty suspicious to me. Do I have to enable that somewhere in 9.0? I have not had to in 8.x.
Greg
--
Greg Freemyer
<SNIP>
I think you need to activate remote root logins - look in the sysconfig part of YaST for relevant options.
HTH
Dylan
--
Sweet moderation Heart of this nation Desert us not We are between the wars - Billy Bragg
On Mon, 2003-12-29 at 15:29, Dylan wrote:
> <SNIP>
> I think you need to activate remote root logins - look in the sysconfig part of YaST for relevant options.
> HTH
> Dylan
In Yast2, I see a place to enable/disable remote X connections, but nothing related to ssh.
Looking at /etc/ssh/sshd_config, I see:
===========
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
.....
but.....
# Set this to 'yes' to enable PAM authentication (via challenge-response)
# and session processing. Depending on your PAM configuration, this may
# bypass the setting of 'PasswordAuthentication'
UsePAM yes
===========
This is not the way my SUSE 8.2 config file is set up. The implication is that in SUSE 9.0 sshd is using the PAM module instead of sshd native password authentication and that something is wrong with my PAM setup.
Does anyone know a way to test my PAM setup?
fyi: I have 2 boxes with this problem. Both started off as SUSE 8.0. I upgraded them to 8.2, and now to 9.0. I still have 8.2 boxes in production.
Thanks
Greg
--
Greg Freemyer
Looking at http://marc.theaimsgroup.com/?l=suse-security&m=106706811709000&w=2
It appears there is a bug somewhere in the mix between: putty / sshd / pam
If I understand it correctly, in SUSE 9.0 sshd is configured to exclusively use pam for authentication. With standard password authentication, that is working fine for Linux ssh clients, but it is not working with putty.
I have followed the thread's suggestion of directly enabling password authentication in sshd_config if you want to use putty. I'm not sure that this has any negative features, but it was obviously not the plan for 9.0.
I'm surprised I have not seen this come up on SLE before.
Greg
--
Greg Freemyer
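Added example, not part of the thread and not SUSE's or OpenSSH's own tooling: a shell check that reads the sshd_config settings quoted above and reports whether sshd will accept the plain password method or only PAM challenge-response, the state behind the "Password authentication disabled." debug line. The function names, the sample file, and the treatment of unset keywords (PasswordAuthentication and ChallengeResponseAuthentication as yes, UsePAM as no) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): inspect sshd_config password settings.

# Print the effective value of keyword $2 in file $1, or "unset".
# sshd keeps the first occurrence of a keyword, keyword names are
# case-insensitive, and lines starting with '#' are comments.
sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Classify how a typed password can be accepted under config file $1.
# Assumption: unset PasswordAuthentication and ChallengeResponseAuthentication
# count as yes, and unset UsePAM counts as no.
password_paths() {
    pw=$(sshd_value "$1" PasswordAuthentication)
    pam=$(sshd_value "$1" UsePAM)
    cr=$(sshd_value "$1" ChallengeResponseAuthentication)
    if [ "$pw" != "no" ]; then
        echo "password"                      # plain password method accepted
    elif [ "$pam" = "yes" ] && [ "$cr" != "no" ]; then
        echo "pam-challenge-response-only"   # client must use challenge-response
    else
        echo "none"                          # no way to submit a password
    fi
}

# Constructed sample mirroring the SUSE 9.0 excerpt quoted in the thread.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
UsePAM yes
EOF
echo "SUSE 9.0 style config: $(password_paths "$demo")"
rm -f "$demo"
```

A result of `pam-challenge-response-only` means a client that sends only the plain password method is refused even when the password itself is correct.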