We are running a Suse 8.1 Linux file server and would like to connect to it through SSH via the public key mechanism (RSA) from our Windows 2000 clients.
Connecting to the Linux box with the user/password mechanism just works fine, but the public key mechanism fails.
What I have found so far (from syslog) is that sshd calls PAM, which accepts when verifying the password but denies with the RSA.
I read the PAM manual page and still have not figured out what to change in /etc/pam.d/sshd to get it working.
Where do I get information on what the different libraries exactly do and do I need a special library to make SSH RSA work?
Can anyone provide a sample configuration for sshd that works for password and RSA login?
Here is the syslog ...
Mar 22 10:12:02 riale sshd[11288]: debug1: Forked child 11332.
Mar 22 10:12:02 riale sshd[11332]: Connection from ::ffff:192.168.252.71 port 1288
Mar 22 10:12:02 riale sshd[11332]: debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53
Mar 22 10:12:02 riale sshd[11332]: debug1: no match: PuTTY-Release-0.53
Mar 22 10:12:02 riale sshd[11332]: debug1: Local version string SSH-1.99-OpenSSH_3.4p1
Mar 22 10:12:02 riale sshd[11332]: debug2: Network child is on pid 11333
Mar 22 10:12:02 riale sshd[11332]: debug3: preauth child monitor started
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:02 riale sshd[11332]: debug3: monitor_read: checking request 36
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_request_send entering: type 37
Mar 22 10:12:02 riale sshd[11332]: debug2: monitor_read: 36 used once, disabling now
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:02 riale sshd[11332]: debug3: monitor_read: checking request 38
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_answer_sessid entering
Mar 22 10:12:02 riale sshd[11332]: debug2: monitor_read: 38 used once, disabling now
Mar 22 10:12:02 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:04 riale sshd[11332]: debug3: monitor_read: checking request 6
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_answer_pwnamallow
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_send entering: type 7
Mar 22 10:12:04 riale sshd[11332]: debug2: monitor_read: 6 used once, disabling now
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:04 riale sshd[11332]: debug3: monitor_read: checking request 45
Mar 22 10:12:04 riale sshd[11332]: debug1: Starting up PAM with username "moor"
Mar 22 10:12:04 riale sshd[11332]: debug3: Trying to reverse map address 192.168.252.71.
Mar 22 10:12:04 riale sshd[11332]: Could not reverse map address 192.168.252.71.
Mar 22 10:12:04 riale sshd[11332]: debug1: PAM setting rhost to "192.168.252.71"
Mar 22 10:12:04 riale sshd[11332]: debug2: monitor_read: 45 used once, disabling now
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_receive entering
Mar 22 10:12:04 riale sshd[11332]: debug3: monitor_read: checking request 10
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_answer_authpassword: sending result 0
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_send entering: type 11
Mar 22 10:12:04 riale sshd[11332]: Failed none for moor from ::ffff:192.168.252.71 port 1288
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_request_receive entering
and the sshd configuration file:
#%PAM-1.0
auth     required  pam_unix2.so    # set_secrpc
auth     required  pam_nologin.so
auth     required  pam_env.so
account  required  pam_unix2.so
account  required  pam_nologin.so
password required  pam_pwcheck.so
password required  pam_unix2.so    use_first_pass use_authtok
session  required  pam_unix2.so    none # trace or debug
session  required  pam_limits.so
I would appreciate some help.
Roman
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
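An added example, not part of the original message: a small Python triage script that groups sshd syslog lines by PID and extracts the fields that matter when an authentication method is rejected (client address, negotiated protocol and client software, the user name handed to PAM, and each Accepted/Failed result). The sample lines are an excerpt of the log quoted above; the names `summarize`, `LINE` and `PATTERNS` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: an excerpt of the sshd syslog lines quoted in the message above.
SAMPLE = """\
Mar 22 10:12:02 riale sshd[11288]: debug1: Forked child 11332.
Mar 22 10:12:02 riale sshd[11332]: Connection from ::ffff:192.168.252.71 port 1288
Mar 22 10:12:02 riale sshd[11332]: debug1: Client protocol version 1.5; client software version PuTTY-Release-0.53
Mar 22 10:12:04 riale sshd[11332]: debug1: Starting up PAM with username "moor"
Mar 22 10:12:04 riale sshd[11332]: debug3: mm_answer_authpassword: sending result 0
Mar 22 10:12:04 riale sshd[11332]: Failed none for moor from ::ffff:192.168.252.71 port 1288
"""

# Syslog prefix: "Mon DD HH:MM:SS host sshd[PID]: [debugN: ]message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(\d+)\]: (?:debug\d: )?(.*)$")
PATTERNS = {
    "client": re.compile(r"Connection from (\S+) port (\d+)"),
    "protocol": re.compile(r"Client protocol version (\S+); client software version (\S+)"),
    "pam_user": re.compile(r'Starting up PAM with username "([^"]*)"'),
    "attempt": re.compile(r"(Failed|Accepted) (\S+) for (\S+) from"),
}

def summarize(log_text):
    """Return {pid: session} with the authentication-relevant fields per sshd process."""
    sessions = defaultdict(lambda: {"attempts": []})
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # not an sshd syslog line
        session, msg = sessions[int(line.group(1))], line.group(2)
        for key, pattern in PATTERNS.items():
            hit = pattern.search(msg)
            if not hit:
                continue
            if key == "attempt":
                # (result, method, user), e.g. ("Failed", "none", "moor")
                session["attempts"].append(hit.groups())
            elif key == "pam_user":
                session[key] = hit.group(1)
            else:
                session[key] = hit.groups()
    return dict(sessions)

if __name__ == "__main__":
    for pid, session in summarize(SAMPLE).items():
        print(pid, session)
```

Run over this excerpt, the summary for PID 11332 shows a protocol 1.5 client and a single `Failed none` result, with no RSA or password attempt recorded in the lines captured.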