Hullo!
Just started using OpenSSL on a RH6.2 box. I configured, made, installed
with the defaults, took the stock ssh.pam file and slapped it into
/etc/pam.d/ssh however I could not authenticate. I'm using a DSA host key
and attempting to connect from localhost. I've tried it without using PAM
but receive similar errors (Failed password for blinnmp), without the PAM
stuff in there.
I've attached my sshd_config and ssh_config files and am inserting my
logs. I feel this is an easy config fix that I just overlooked something
in the instructions... any help?
Thanks!
Michael Blinn
Local Square, Inc.
May 10 13:03:54 comprehensive19 sshd[20251]: Received SIGHUP; restarting.
May 10 13:03:54 comprehensive19 sshd[20257]: Server listening on 0.0.0.0 port 22.
May 10 13:04:00 comprehensive19 sshd[20259]: Failed password for blinnmp from
216.12.21.69 port 905 ssh2
May 10 13:04:02 comprehensive19 last message repeated 2 times
May 10 13:04:03 comprehensive19 sshd[20259]: Connection closed by 216.12.21.69
May 10 13:04:03 comprehensive19 sshd[20259]: Cannot close PAM session: System error
May 10 13:04:03 comprehensive19 sshd[20259]: Cannot delete credentials: Authentication
service cannot retrieve user credentials
# This is ssh server systemwide configuration file.
Port 22
Protocol 2,1
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /usr/local/etc/ssh_host_key
ServerKeyBits 1024
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
CheckMail no
UseLogin no
# This is ssh client systemwide configuration file. This file provides
# defaults for users, and the values can be changed in per-user configuration
# files or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent yes
# ForwardX11 yes
# RhostsAuthentication yes
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh yes
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking no
# IdentityFile ~/.ssh/identity
# Port 22
# Protocol 2,1
# Cipher 3des
# EscapeChar ~
# Be paranoid by default
Host *
ForwardAgent no
ForwardX11 no
FallBackToRsh no
