Here is the relevant snippet of /etc/pam.d/ssh:

# Read environment variables from /etc/environment and
# /etc/security/pam_env.conf.
auth       required     pam_env.so # [1]
# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
auth       required     pam_env.so envfile=/etc/default/locale

# Standard Un*x authentication.
@include common-auth


common-auth consists of the following:

auth    required        pam_unix.so nullok


and /etc/security/pam_env.conf doesn't have any uncommented lines.



On Apr 12, 2007, at 3:30 PM, Steve Langasek wrote:

On Wed, Apr 11, 2007 at 06:24:23PM -0700, neuro wrote:

Upon doing a dist-upgrade to Debian 4.0 via aptitude, login via ssh
keyboard-interactive authentication to normal accounts (those with
passwords) was broken. ssh -v reported authentication succeeding, then
the connection would be closed immediately.

An excerpt from /var/log/auth.log showed there to be a problem with PAM:

Apr 11 16:48:28 localhost sshd[14571]: Accepted keyboard- interactive/pam for neuro from 38.100.222.81 port 1064 ssh2 Apr 11 16:48:28 localhost sshd[14576]: (pam_unix) session opened for user neuro by (uid=0) Apr 11 16:48:28 localhost sshd[14576]: fatal: PAM: pam_setcred(): Permission denied Apr 11 16:48:28 localhost sshd[14576]: (pam_unix) session closed for user neuro

What authentication modules do you have configured for sshd? This looks like a misconfiguration to me; if the pam_setcred part of a required auth module needs pam_authenticate() to be called first, configuring your service
such that PAM authentication is bypassed is a configuration error.

--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http:// www.debian.org/




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to