Yes, I have tried that option with no difference in behavior. It seems it ignores that option when provided. Just for reference, I am building it on RedHat 5. I have never had this issue on any previous version of OpenSSH. I use the default configuration with only the changes specified in the RHEL 5 STIG applied.
I appreciate the security advice. The root account was indicated simply as an anonymous indicator. I do have PermitRootLogin=no applied. But this same issue is present regardless of the account provided.
Best regards,
Trey Henefield, CISSP
Senior IAVA Engineer
Ultra Electronics
Advanced Tactical Systems, Inc.
4101 Smith School Road
Building IV, Suite 100
Austin, TX 78744 USA
Trey.Henefield@xxxxxxxxxxxxx
Tel: +1 512 327 6795 ext. 647
Fax: +1 512 327 8043
Mobile: +1 512 541 6450
www.ultra-ats.com
-----Original Message-----
From: Daniel Kahn Gillmor [dkg@xxxxxxxxxxxxxxxxx]
Received: Thursday, 15 Jan 2015, 4:03PM
To: Trey Henefield [trey.henefield@xxxxxxxxxxxxx]; Ángel González [keisial@xxxxxxxxx]
CC: openssh-unix-dev@xxxxxxxxxxx [openssh-unix-dev@xxxxxxxxxxx]
Subject: RE: OpenSSH v6.7 & NumberOfPasswordPrompts Option ...
On Thu 2015-01-15 15:47:33 -0500, Trey Henefield wrote:
> debug3: authmethod_lookup keyboard-interactive
> debug3: remaining preferred: password
> debug3: authmethod_is_enabled keyboard-interactive
> debug1: Next authentication method: keyboard-interactive
> debug2: userauth_kbdint
> debug2: we sent a keyboard-interactive packet, wait for reply
> debug2: input_userauth_info_req
> debug2: input_userauth_info_req: num_prompts 1
> Password:
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: Next authentication method: password
> root@10.10.2.51's password:
> debug2: we sent a password packet, wait for reply
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug2: we did not send a packet, disable method
> debug1: No more authentication methods to try.
> Permission denied (publickey,password,keyboard-interactive).
>
>
> In the above output, the first prompt is "Password:". The second prompt is "root@10.10.2.51's password:"
The first prompt is a keyboard-interactive prompt; the second prompt is
the password prompt. please try again with
-oKbdInteractiveAuthentication=no
Regards,
--dkg
PS if possible, you should probably avoid using password authentication
for the root account anyway, but that's a sideline to the issue you're
seeing here.
Disclaimer
The information contained in this communication from trey.henefield@xxxxxxxxxxxxx sent at 2015-01-15 17:54:25 is confidential and may be legally privileged.
It is intended solely for use by openssh-unix-dev@xxxxxxxxxxx and others authorized to receive it. If you are not openssh-unix-dev@xxxxxxxxxxx you are hereby notified that
any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
