I ruled out the third possibility by changing the pass , making it md5 again and tried to login with ssh...but it was permission denied About the first possibility .. is there a way to check if the pam module 'pam_unix.so' supports (freebsd) md5 encryption ? Second possibility .. after changing the pass of testuser (md5) and of another user and tried just a plain login from the console it works, login uses pam authentication ... > Steve Langasek <vorlon@netexpress.net> pam-list@redhat.com Re: openssh + pam authentication failing +md5 (?!) HELP HELP HELP !Reply-To: pam-list@redhat.com >Date: Mon, 6 May 2002 11:26:05 -0500 > >On Mon, May 06, 2002 at 08:52:41AM -0700, light storm wrote: >> Hello Steve,all > >> I added the debug option the password rule and the auth rule in the >> sshd pam file, but as far as i can see nothing was sent to the logs, i >> mean messages and warn logs, unless i should check some other log >> which i cannot see at the moment ?? > >You would need to check your /etc/syslog.conf to see where -- if >anywhere -- auth.* messages are currently being sent. On my machine, >that's /var/log/auth and /var/log/debug. > >> But i think i found the problem but if it is real then i still don't >> know what i can do: > >> I changed the password of the user 'testuser' with some other tool >> which doesn't create md5 passwords. > >> Then i tried again ssh and now i can login, but 2 things i conclude >> now: 1. ssh lets me , i only need the first 8 chars to enter >> 2. it seems that when it's md5 encrypted then authentication >> fails. > >If using traditional crypt passwords, only the first 8 characters of the >password are encrypted. > >> debug1: PAM Password authentication accepted for user "testuser" >> Accepted password for testuser from 192.168.200.30 port 33030 ssh2 >> debug1: Entering interactive session for SSH2. > >A couple possibilities I can think of: > >The pam_unix module you're using doesn't support md5 passwords. > >The password you had for testuser was not a valid md5 hash, causing >authentication to fail. > >The testuser account was expired, and PAM was requiring a password >change, but the password change was failing. > >To rule out the third possibility, I suggest setting a new md5 password >for testuser and trying to ssh in again. > >Steve Langasek >postmodern programmer >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.6 (GNU/Linux) >Comment: For info see http://www.gnupg.org > >iD8DBQE81q6cKN6ufymYLloRAm5tAJsEXWRQqvwkHLLgvVovArcZYdPfOgCfZlOp >4yPKUt6SYku4bG02nfJWwho= >=AZN/ >-----END PGP SIGNATURE----- ------------------------------------------------------------ Email account furnished courtesy of AntiOnline - http://www.AntiOnline.com AntiOnline - The Internet's Information Security Super Center! --------------------------------------------------------------------- Express yourself with a super cool email address from BigMailBox.com. Hundreds of choices. It's free! http://www.bigmailbox.com ---------------------------------------------------------------------
