PAM, sshd and RSA does not work together!

Hi there,

We are running a SuSE 8.1 Linux file server and would like to connect to it through SSH via the public key mechanism (RSA) from our Windows 2000 clients.
Connecting to the Linux box with the user/password mechanism works fine, but the public key mechanism fails.
What I have found so far (from syslog) is that sshd calls PAM, which accepts when verifying the password but denies with the RSA.


I read the PAM manual page and still have not figured out what to change in /etc/pam.d/sshd to get it working.

Where do I get information on what exactly the different libraries do, and do I need a special library to make SSH RSA work?
Can anyone provide a sample configuration for sshd that works for password and RSA login?


Here is the syslog ...

Mar 22 10:12:02 riale sshd[11288]: debug1: Forked child 11332.
Mar 22 10:12:02 riale sshd[11332]: Connection from ::ffff:192.168.252.71 port 1288
Mar 22 10:12:02 riale sshd[11332]: debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53
Mar 22 10:12:02 riale sshd[11332]: debug1: no match: PuTTY-Release-0.53
Mar 22 10:12:02 riale sshd[11332]: debug1: Local version string SSH-1.99-OpenSSH_3.4p1
Mar 22 10:12:02 riale sshd[11332]: debug2: Network child is on pid 11333
Mar 22 10:12:02 riale sshd[11332]: debug3: preauth child monitor started
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:02 riale sshd[11332]: debug3: monitor_read: checking request 36
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_request_send entering: type 37
Mar 22 10:12:02 riale sshd[11332]: debug2: monitor_read: 36 used once, disabling now
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:02 riale sshd[11332]: debug3: monitor_read: checking request 38
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_answer_sessid entering
Mar 22 10:12:02 riale sshd[11332]: debug2: monitor_read: 38 used once, disabling now
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:04 riale sshd[11332]: debug3: monitor_read: checking request 6
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_answer_pwnamallow
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_send entering: type 7
Mar 22 10:12:04 riale sshd[11332]: debug2: monitor_read: 6 used once, disabling now
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:04 riale sshd[11332]: debug3: monitor_read: checking request 45
Mar 22 10:12:04 riale sshd[11332]: debug1: Starting up PAM with username "moor"
Mar 22 10:12:04 riale sshd[11332]: debug3: Trying to reverse map address 192.168.252.71.
Mar 22 10:12:04 riale sshd[11332]: Could not reverse map address 192.168.252.71.
Mar 22 10:12:04 riale sshd[11332]: debug1: PAM setting rhost to "192.168.252.71"
Mar 22 10:12:04 riale sshd[11332]: debug2: monitor_read: 45 used once, disabling now
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:04 riale sshd[11332]: debug3: monitor_read: checking request 10
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_answer_authpassword: sending result 0
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_send entering: type 11
Mar 22 10:12:04 riale sshd[11332]: Failed none for moor from ::ffff:192.168.252.71 port 1288
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_receive entering


and the sshd configuration file:

#%PAM-1.0
auth     required       pam_unix2.so    # set_secrpc
auth     required       pam_nologin.so
auth     required       pam_env.so
account  required       pam_unix2.so
account  required       pam_nologin.so
password required       pam_pwcheck.so
password required       pam_unix2.so    use_first_pass use_authtok
session  required       pam_unix2.so    none # trace or debug
session  required       pam_limits.so

I would appreciate some help.

Roman


_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
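
An added example, not part of the original post: a small Python triage script that groups sshd syslog lines like the ones above by PID and lists each authentication result that was actually logged. The sample lines are copied from the excerpt; the function names and the expected method names (rsa, publickey) are assumptions of this example.

```python
import re

# Constructed sample: five lines copied from the syslog excerpt in the post.
SAMPLE_LOG = """\
Mar 22 10:12:02 riale sshd[11332]: Connection from ::ffff:192.168.252.71 port 1288
Mar 22 10:12:02 riale sshd[11332]: debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53
Mar 22 10:12:04 riale sshd[11332]: debug1: Starting up PAM with username "moor"
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_answer_authpassword: sending result 0
Mar 22 10:12:04 riale sshd[11332]: Failed none for moor from ::ffff:192.168.252.71 port 1288
"""

# Syslog prefix: timestamp, host, sshd[PID], optional debugN: level tag.
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (?:debug\d: )?(.*)$")
CONNECT = re.compile(r"Connection from (\S+) port \d+")
CLIENT = re.compile(r"Client protocol version (\S+); client software version (.+)")
PAM_USER = re.compile(r'Starting up PAM with username "([^"]*)"')
RESULT = re.compile(r"(Accepted|Failed) (\S+) for (?:(?:invalid|illegal) user )?(\S+) from")

def summarize(log_text):
    """Group sshd lines by PID; record client, PAM user and each auth result."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an sshd line
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"source": None, "protocol": None,
                                      "client": None, "pam_user": None, "attempts": []})
        if (c := CONNECT.match(msg)):
            s["source"] = c.group(1)
        elif (c := CLIENT.match(msg)):
            s["protocol"], s["client"] = c.groups()
        elif (c := PAM_USER.match(msg)):
            s["pam_user"] = c.group(1)
        elif (c := RESULT.match(msg)):
            s["attempts"].append((c.group(2), c.group(1), c.group(3)))
    return sessions

def methods_never_tried(session, expected=("rsa", "publickey")):
    """Return the expected auth methods (assumed names) with no result line logged."""
    seen = {method for method, _, _ in session["attempts"]}
    return [m for m in expected if m not in seen]

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, s, "not logged:", methods_never_tried(s))
```

Run on the excerpt, it reports one logged result (Failed none for moor) and no result line for an RSA or public-key attempt.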
