PAM, sshd and RSA does not work together!
mike at flyn.org
mike at flyn.org
Tue Mar 23 16:39:38 UTC 2004
>> I read the PAM manual page and still have not figured out what to change>
>> in /etc/pam.d/sshd to get it working.
>>
>> Where do I get information on what the different libraries exactly do
>> and do I need a special library to make SSH RSA work?
>> Can anyone provide a sample configuration for sshd that work for
>> password and RSA login?
>
> Public key login via OpenSSH doesn't go through PAM. If you've got it
> enabled (check your sshd_config,) then you should see some messages in
> your debug output that look something like this:
>
> debug1: userauth-request for user schmolli service ssh-connection method
pu> blickey
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: temporarily_use_uid: 501/501 (e=0/0)
> debug1: trying public key file /home/schmolli/.ssh/authorized_keys
> debug1: restore_uid: 0/0
> debug1: temporarily_use_uid: 501/501 (e=0/0)
> debug1: trying public key file /home/schmolli/.ssh/authorized_keys2
> debug1: restore_uid: 0/0
> debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss Failed publickey
for> schmolli from 127.0.0.1 port 4434 ssh2
> debug1: userauth-request for user schmolli service ssh-connection method
pa> ssword
>
> If you have an OpenSSH client available, you may get something useful by
> running it with -v -v -v. It'll at least tell you what the client is
> trying to do.
OpenSSH is very picky about the permissions on keys and authorized_key files.
Did you verify that you are complying with the strict permission
requirements?
--
Mike
More information about the Pam-list
mailing list