PAM, sshd and RSA does not work together!
Ed Schmollinger
schmolli at frozencrow.org
Tue Mar 23 16:28:18 UTC 2004
On Tue, Mar 23, 2004 at 10:33:55AM +0100, Roman wrote:
> I read the PAM manual page and still have not figured out what to change
> in /etc/pam.d/sshd to get it working.
>
> Where do I get information on what the different libraries exactly do
> and do I need a special library to make SSH RSA work?
> Can anyone provide a sample configuration for sshd that work for
> password and RSA login?
Public key login via OpenSSH doesn't go through PAM. If you've got it
enabled (check your sshd_config,) then you should see some messages in
your debug output that look something like this:
debug1: userauth-request for user schmolli service ssh-connection method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 501/501 (e=0/0)
debug1: trying public key file /home/schmolli/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 501/501 (e=0/0)
debug1: trying public key file /home/schmolli/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss Failed publickey for schmolli from 127.0.0.1 port 4434 ssh2
debug1: userauth-request for user schmolli service ssh-connection method password
If you have an OpenSSH client available, you may get something useful by
running it with -v -v -v. It'll at least tell you what the client is
trying to do.
Cheers,
--
Ed Schmollinger - schmolli at frozencrow.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pam-list/attachments/20040323/141c1e0a/attachment.sig>
More information about the Pam-list
mailing list