Permission denied (publickey,keyboard-interactive).

authenticating an user with ssh on AIX 5.3 64 bit machine.
configured with openssl-0.98e,openssh-4.5P1.(ALL from source file not
rpm package).

for eg) say
ssh -l hi 192.16.146.78
gives me this error
Permission denied (publickey,keyboard-interactive).

can any one provide a solution to this problem.

0
5/10/2007 6:57:30 PM
comp.unix.aix 10938 articles. 0 followers. drkirkby (98) is leader. Post Follow

7 Replies
413 Views

Similar Articles

[PageSpeed] 5
Hi,

It is always a good idea to start a second sshd on the server
of course in Debugmode on an other port, not as daemon, like

sshd -D -p22000 -d (-d -d as much as you like)

then do a ssh -v -p22000 on the client

now there should be enough Information to splve the problem.

regards

Volker



<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178823450.564954.35830@y80g2000hsf.googlegroups.com...
> authenticating an user with ssh on AIX 5.3 64 bit machine.
> configured with openssl-0.98e,openssh-4.5P1.(ALL from source file not
> rpm package).
>
> for eg) say
> ssh -l hi 192.16.146.78
> gives me this error
> Permission denied (publickey,keyboard-interactive).
>
> can any one provide a solution to this problem.
> 


0
volkerg1 (4)
5/10/2007 7:19:23 PM
Volker,
Thanks for your help.

I have attached here with the logs (degug mode).
I am not able to fix the problem.
Kindly help to solve this problem.

bash-3.00# /usr/sbin/sshd -D -p19879 -ddd
debug2: load_server_config: filename /usr/etc/sshd_config
debug2: load_server_config: done config len = 281
debug2: parse_server_config: config /usr/etc/sshd_config len 281
debug3: /usr/etc/sshd_config:22 setting HostKey /usr/etc/
ssh_host_rsa_key
debug3: /usr/etc/sshd_config:23 setting HostKey /usr/etc/
ssh_host_dsa_key
debug3: /usr/etc/sshd_config:57 setting PasswordAuthentication no
debug3: /usr/etc/sshd_config:83 setting UsePAM yes
debug3: /usr/etc/sshd_config:95 setting UsePrivilegeSeparation no
debug3: /usr/etc/sshd_config:109 setting Subsystem sftp /usr/libexec/
sftp-server
debug1: sshd version OpenSSH_4.5p1
debug3: Not a RSA1 key file /usr/etc/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Not a RSA1 key file /usr/etc/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
Disabling protocol version 1. Could not load host key
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-p19879'
debug1: rexec_argv[3]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 19879 on 0.0.0.0.
Server listening on 0.0.0.0 port 19879.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 19879 on ::.
Bind to port 19879 on :: failed: Address already in use.
debug1: fd 4 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 7 config len 281
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 172.16.146.210 port 32847
debug1: Client protocol version 2.0; client software version
OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug2: fd 3 setting O_NONBLOCK
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
hellman-g
roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
cbc,arcfour1
28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
cbc@lysator.liu.se,aes128-c
tr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 509/1024
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 497/1024
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user ji service ssh-connection method
none
debug1: attempt 0 failures 0
debug3: Trying to reverse map address 172.16.146.210.
debug2: parse_server_config: config reprocess config len 281
debug3: AIX/loginrestrictions returned 0 msg (none)
debug2: input_userauth_request: setting up authctxt for ji
debug1: PAM: initializing for "ji"
debug1: PAM: setting PAM_RHOST to "csm100.pam.com"
debug2: input_userauth_request: try method none
Failed none for ji from 172.16.146.210 port 32847 ssh2
debug1: userauth-request for user ji service ssh-connection method
publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 204/0 (e=0/0)
debug1: trying public key file /home/ji/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 204/0 (e=0/0)
debug1: trying public key file /home/ji/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for ji from 172.16.146.210 port 32847 ssh2
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: PAM: sshpam_thread_conv entering, 1 messages
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
Postponed keyboard-interactive for ji from 172.16.146.210 port 32847
ssh2
debug2: PAM: sshpam_respond entering, 1 responses
debug3: ssh_msg_send: type 6
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug1: do_pam_account: called
debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
expired)
debug3: ssh_msg_send: type 17
debug3: PAM: User account has expired
PAM: User account has expired for ji from csm100.pam.com
debug2: auth2_challenge_start: devices <empty>
debug3: PAM: sshpam_free_ctx entering
debug3: PAM: sshpam_thread_cleanup entering
Failed keyboard-interactive/pam for ji from 172.16.146.210 port 32847
ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
debug1: userauth-request for user ji service ssh-connection method
keyboard-inte
ractive
debug1: attempt 4 failures 4
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=ji devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
debug3: AIX/setauthdb set registry 'files'
debug3: aix_restoreauthdb: restoring old registry ''
Connection closed by 172.16.146.210
debug1: do_cleanup
bash-3.00#


0
5/11/2007 5:40:05 PM
Hi,

> usr/etc/sshd_config:57 setting PasswordAuthentication no

looks a little strange.
How do you want to login?
With a public key?
If you want to login with password set it to "yes"
Try this at first

If you use PAM, what kind of Authentication do you want to use?

> debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
> expired)
> debug3: ssh_msg_send: type 17
> debug3: PAM: User account has expired
> PAM: User account has expired for ji from csm100.pam.com

seems like your Account has expired??

hth

regards

volker

<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178905205.885549.55360@o5g2000hsb.googlegroups.com...
> Volker,
> Thanks for your help.
>
> I have attached here with the logs (degug mode).
> I am not able to fix the problem.
> Kindly help to solve this problem.
>
> bash-3.00# /usr/sbin/sshd -D -p19879 -ddd
> debug2: load_server_config: filename /usr/etc/sshd_config
> debug2: load_server_config: done config len = 281
> debug2: parse_server_config: config /usr/etc/sshd_config len 281
> debug3: /usr/etc/sshd_config:22 setting HostKey /usr/etc/
> ssh_host_rsa_key
> debug3: /usr/etc/sshd_config:23 setting HostKey /usr/etc/
> ssh_host_dsa_key
> debug3: /usr/etc/sshd_config:57 setting PasswordAuthentication no
> debug3: /usr/etc/sshd_config:83 setting UsePAM yes
> debug3: /usr/etc/sshd_config:95 setting UsePrivilegeSeparation no
> debug3: /usr/etc/sshd_config:109 setting Subsystem sftp /usr/libexec/
> sftp-server
> debug1: sshd version OpenSSH_4.5p1
> debug3: Not a RSA1 key file /usr/etc/ssh_host_rsa_key.
> debug1: read PEM private key done: type RSA
> debug1: private host key: #0 type 1 RSA
> debug3: Not a RSA1 key file /usr/etc/ssh_host_dsa_key.
> debug1: read PEM private key done: type DSA
> debug1: private host key: #1 type 2 DSA
> Disabling protocol version 1. Could not load host key
> debug1: rexec_argv[0]='/usr/sbin/sshd'
> debug1: rexec_argv[1]='-D'
> debug1: rexec_argv[2]='-p19879'
> debug1: rexec_argv[3]='-ddd'
> debug2: fd 3 setting O_NONBLOCK
> debug1: Bind to port 19879 on 0.0.0.0.
> Server listening on 0.0.0.0 port 19879.
> debug2: fd 4 setting O_NONBLOCK
> debug1: Bind to port 19879 on ::.
> Bind to port 19879 on :: failed: Address already in use.
> debug1: fd 4 clearing O_NONBLOCK
> debug1: Server will not fork when running in debugging mode.
> debug3: send_rexec_state: entering fd = 7 config len 281
> debug3: ssh_msg_send: type 0
> debug3: send_rexec_state: done
> debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
> debug1: inetd sockets after dupping: 3, 3
> Connection from 172.16.146.210 port 32847
> debug1: Client protocol version 2.0; client software version
> OpenSSH_4.5
> debug1: match: OpenSSH_4.5 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.5
> debug2: fd 3 setting O_NONBLOCK
> debug1: list_hostkey_types: ssh-rsa,ssh-dss
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> hellman-g
> roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
> sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit: none,zlib@openssh.com
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-
> hellman-g
> roup-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-
> sha1
> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-
> cbc,arcfour1
> 28,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-
> cbc@lysator.liu.se,aes128-c
> tr,aes192-ctr,aes256-ctr
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-
> ripemd160@open
> ssh.com,hmac-sha1-96,hmac-md5-96
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit:
> debug2: kex_parse_kexinit: first_kex_follows 0
> debug2: kex_parse_kexinit: reserved 0
> debug2: mac_init: found hmac-md5
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug2: mac_init: found hmac-md5
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
> debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
> debug2: dh_gen_key: priv key bits set: 130/256
> debug2: bits set: 509/1024
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug2: bits set: 497/1024
> debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
> debug2: kex_derive_keys
> debug2: set_newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug2: set_newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: KEX done
> debug1: userauth-request for user ji service ssh-connection method
> none
> debug1: attempt 0 failures 0
> debug3: Trying to reverse map address 172.16.146.210.
> debug2: parse_server_config: config reprocess config len 281
> debug3: AIX/loginrestrictions returned 0 msg (none)
> debug2: input_userauth_request: setting up authctxt for ji
> debug1: PAM: initializing for "ji"
> debug1: PAM: setting PAM_RHOST to "csm100.pam.com"
> debug2: input_userauth_request: try method none
> Failed none for ji from 172.16.146.210 port 32847 ssh2
> debug1: userauth-request for user ji service ssh-connection method
> publickey
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method publickey
> debug1: test whether pkalg/pkblob are acceptable
> debug1: temporarily_use_uid: 204/0 (e=0/0)
> debug1: trying public key file /home/ji/.ssh/authorized_keys
> debug1: restore_uid: 0/0
> debug1: temporarily_use_uid: 204/0 (e=0/0)
> debug1: trying public key file /home/ji/.ssh/authorized_keys2
> debug1: restore_uid: 0/0
> debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
> Failed publickey for ji from 172.16.146.210 port 32847 ssh2
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 2 failures 2
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> debug3: PAM: sshpam_query entering
> debug3: ssh_msg_recv entering
> debug3: PAM: sshpam_thread_conv entering, 1 messages
> debug3: ssh_msg_send: type 1
> debug3: ssh_msg_recv entering
> Postponed keyboard-interactive for ji from 172.16.146.210 port 32847
> ssh2
> debug2: PAM: sshpam_respond entering, 1 responses
> debug3: ssh_msg_send: type 6
> debug3: PAM: sshpam_query entering
> debug3: ssh_msg_recv entering
> debug1: do_pam_account: called
> debug3: PAM: do_pam_account pam_acct_mgmt = 17 (User account has
> expired)
> debug3: ssh_msg_send: type 17
> debug3: PAM: User account has expired
> PAM: User account has expired for ji from csm100.pam.com
> debug2: auth2_challenge_start: devices <empty>
> debug3: PAM: sshpam_free_ctx entering
> debug3: PAM: sshpam_thread_cleanup entering
> Failed keyboard-interactive/pam for ji from 172.16.146.210 port 32847
> ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 3 failures 3
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> debug1: userauth-request for user ji service ssh-connection method
> keyboard-inte
> ractive
> debug1: attempt 4 failures 4
> debug2: input_userauth_request: try method keyboard-interactive
> debug1: keyboard-interactive devs
> debug1: auth2_challenge: user=ji devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> Failed keyboard-interactive for ji from 172.16.146.210 port 32847 ssh2
> debug3: AIX/setauthdb set registry 'files'
> debug3: aix_restoreauthdb: restoring old registry ''
> Connection closed by 172.16.146.210
> debug1: do_cleanup
> bash-3.00#
>
> 


0
volkerg1 (4)
5/11/2007 6:03:29 PM
Hi,

I want to login with a public key.
I have a PAM Agent software installed so I have to set
PaaswordAuthentication to "yes"
Authentication should be directed to the PAM Agent software.

I want to use SSH,SFTP and SCP authentication with my configuration.

I need some guidance to configure PAM with Openssh (from source not as
RPM Packages).
I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
ssh 4.5p1 with my setup.
please provide me the steps in detail how to configure openssh from
source (how to configure with what option inorder to work with PAM) in
a much detail way.

Thanks,
Kumar

0
5/11/2007 6:57:26 PM
Hi,

maybe you should try

comp.security.ssh

there should be better help with ssh and PAM.

regards

volker


<kumaaraswamy@gmail.com> schrieb im Newsbeitrag 
news:1178909846.669482.132760@h2g2000hsg.googlegroups.com...
> Hi,
>
> I want to login with a public key.
> I have a PAM Agent software installed so I have to set
> PaaswordAuthentication to "yes"
> Authentication should be directed to the PAM Agent software.
>
> I want to use SSH,SFTP and SCP authentication with my configuration.
>
> I need some guidance to configure PAM with Openssh (from source not as
> RPM Packages).
> I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
> ssh 4.5p1 with my setup.
> please provide me the steps in detail how to configure openssh from
> source (how to configure with what option inorder to work with PAM) in
> a much detail way.
>
> Thanks,
> Kumar
> 


0
volkerg1 (4)
5/11/2007 8:05:56 PM
On 2007-05-11, kumaaraswamy@gmail.com <kumaaraswamy@gmail.com> wrote:
> I want to login with a public key.
> I have a PAM Agent software installed so I have to set
> PaaswordAuthentication to "yes"
> Authentication should be directed to the PAM Agent software.

I'm a bit rusty on SSH and PAM, but where do you set Password-
Authentication? If it's in sshd_config, why set it to 'yes',
if you want keyed authentification?
I'd do a step by step debug process to isolate the problem:
 - get your account setup correctly, i.e. make sure it's not
   locked and you can actually login. Check you can login from
   remote, e.g. via telnet.
 - get SSH with passwords working without PAM.
 - get SSH with keys working without PAM.
 - get PAM involved.

> I want to use SSH,SFTP and SCP authentication with my configuration.
>
> I need some guidance to configure PAM with Openssh (from source not as
> RPM Packages).
> I have configured gcc, then zlib 1.2.3,open ssl 0.98e and then open
> ssh 4.5p1 with my setup.
> please provide me the steps in detail how to configure openssh from
> source (how to configure with what option inorder to work with PAM) in
> a much detail way.

Honestly, you're providing very little information to get
any real help here. I'd suggest you start on reading how
to setup SSH here: http://www.openssh.org

Regards,

	Frank
0
5/11/2007 10:16:15 PM
Thanks for your help.

I will refer Openssh.org

0
5/14/2007 10:23:44 AM
Reply:
Similar Artilces:

disable the keyboard print screen
1- Is it possible to disable the keyboard print screen... 2- ... in javascript? If so, how? On 5 Feb 2007 19:33:25 -0800, in comp.lang.javascript "zalph" <zalphis@hotmail.com> <1170732805.285931.233540@j27g2000cwj.googlegroups.com> wrote: >| 1- Is it possible to disable the keyboard print screen... >| 2- ... in javascript? If so, how? No. Javascript has no knowledge, nor access to, the users operating system. If you need to protect images then place a watermark through them. --------------------------------------------------------------- jnorthau@yourpantsyah...

ssh, hosts.allow, hosts.deny, and dyndns names #2
I had "sshd: .cn" in my server's hosts.deny file, and a dyndns setup on my laptop, with "sshd: myLaptopDyndns.host.name" (redacted) in hosts.allow on the server. I thought hosts.allow took precedence over hosts.deny, but when I was in China, it wouldn't let me log in. (I had to log into another machine somewhere else to log into my server to take "sshd: .cn" out and restart sshd, before it would work.) Is hosts.allow supposed to override hosts.deny? Or is the problem that dyndns-type addresses don't "reverse lookup" from the dynamic IP? ...

Module installation and permissions
Hi, I need to install new module on my shell but I didn't have a root account. I've upload and decompress the module archive in my home directory (/home/alexj/lib/Net-IRC) Then I've type the following commands : -bash-2.05b$ perl Makefile.PL PREFIX=~ Writing Makefile for Net::IRC -bash-2.05b$ make Manifying blib/man3/Net::IRC.3 Manifying blib/man3/Net::Connection.3 Manifying blib/man3/Net::DCC.3 Manifying blib/man3/Net::Event.3 -bash-2.05b$ make install Warning: You do not have permissions to install into /usr/local/lib/perl5/site_perl/5.005/i386-freebsd at /usr/libdata/perl/5...

disable keyboard/mouse on WinXP ?
I have a product that runs on Win NT and generally has no mouse or keyboard plugged in. To prevent NT from complaining, I simply set up a hardware profile with kbdclass and mouclass drivers disabled. For maintainance tasks, the K&M are plugged in and the appropriate hardware profile selected at boot. Customer wants WinXP installed. Stuff is organized a bit differently in XP. While I can set up a new hardware profile, I can't figure out how to disable the mouse and keyboard for one of the profiles. Is this still possible in XP? Where do I go to disable the drivers? ...

Interaction question regarding tabbed navigation for desktop software #2
Hello All, first time poster to this group. I'm looking for feedback on an interaction we're considering implementing in our desktop software. As the software exists today: Bruce (the user) has two "rooms" where he works. Bruce jumps between rooms by clicking on the tabs (windows.forms) at the top of the application. Bruce is in the sales industry and needs his industry forms and input screens, as well as the ability to manage his contacts over time. Room 1: Industry, Room 2: Contact Management. Proposed interaction: Currently, there is no interaction between ...

Permissions
Hi Guys, I am logged in to my new install, and am loked down pretty tight. This is a good thing since I am building a firewall, but I was hoping someone could help my user login with a little flexiility. I am logged in as wfitzgerald, and would like to su to root, however it does not seem like I have permissions to do this. Where do I go from here? I'm told I should not log in as root, but if I can't switch to root and my box does not have sudo I must admit I'm a little lost. Thanks warrick P.S Im running version 5.1 Warrick FitzGerald wrote: > Hi Guys, ...

argo interactive
I was pleased to receive a cheque in this morning's post giving me something for my shares. Not a lot, but probably a better percentage than if I'd put my money into bank shares ;-( -- From KT24 - in "Leafy Surrey" Using a RISC OS computer running v5.11 In article <5042079604charles@charleshope.demon.co.uk>, charles <charles@charleshope.demon.co.uk> wrote: > I was pleased to receive a cheque in this morning's post giving me > something for my shares. Not a lot, but probably a better percentage > than if I'd put my money into bank shares...

Unidata ODBC permissions and ownership
Here's another strange one: After our company upgraded our AIX server, suddenly all of my Unidata files were unaccessible through ODBC. All report "You do not have permission to <insert filename here>" when I try to access them. I can make sure that the files reflect that I am the true owner by performing a CHOWN on them but for some reason, INFORMIX VSG reflects otherwise. Even if I perform an "ls -l" in Unix and see my initials as the owner, VSG still says that I am not and it shows some other user's initials as the owner (in my case it's "ap...

Permissions
Hello, I have two issues. 1) I don't understand file/directory permissions on Linux well. I'm slowly trying to cut the Microsoft chord... 2) Specifically, I am having an issue with permissions when I setup an alias directory in Apache. I created a directory (/var/www/wp, a simple index page within that directory, created the alias in Apache, and when I attempt to view the html file (http://localhost/wp) I get a 403 Forbidden error. I don't have permissions to access /wp on this server. I've attemtped to CHMOD this directory every which way to no avail. I'...

Symbolics Keyboard protocol?
Is there anyone out there with a Symbolics keyboard (preferably the one with the LEDs in Caps Lock/Mode Lock a.k.a. the Rev. C), connected to real Symbolics hardware, and an oscilloscope who can tell me how real Symbolics computers talk to the keyboard? Based on schematics on the web (http://lmkbd.googlecode.com/files/ Symbolics3600Keyboard.png) of earlier models, and the claim that these models are plug-compatible, I gather the protocol looks something like 1) computer provides ground on the grey wire (pin 1 on the P1 header, pin 6 on the modular plug), +5V on the green wire (pin 3 on P1, p...

Permissions
Three PC network. All run XP Pro Simple File shairing - Off on all three DHCP Internet via Linksys WRT54G (Firewall) Each PC running Norton Internet Security 2007 XP Pro firewall - Off on all All three can access the internet via the router Each PC can "see" the other two from My Network window Common workgroup configured (not Domain) NetBIOS is Default Problem: When I want to share files Right click on the folder I want to share Select SHARE Click on Permissions Click on Add Click on LOCATION - Window ONLY SHOWS name of the computer I am working from, nei...

KeyboardLocker 3.3 released
KeyboardLocker disables the keyboard until an exit phrase is entered. The mouse can still be used, so it's perfect for setting up a DVD to be watched by a small child, for protecting print servers for janitor staff cleaning, and internet/print kiosks from hacking via USB keyboards... KeyboardLocker can be used: * to secure dedicated servers (such as university print servers) * to prevent both USB and PS/2 keyboard input on Internet and Photo kiosks * to protect running processes when the keyboard is cleaned by janitors * to stop keyboard input when desktop ...

spanked by the 2-belo, and still foaming at the keyboard
feline incursions and bulldozers. > 6. =?ISO-8859-1?Q?=A7=F1=FChw=A4=A3f?=...............: 50 7.1 3.9% who the fuck IS this, anyway? been in my killfile forever. cant remember why. > 7. Aratzio...........................................: 39 5.6 3 "T0ILET B0WL" <wipeassabcdefghijkl@yahoo.com> wrote in message news:5ba850a8-34df-4255-9da4-16aa9f2f8ec4@m36g2000hse.googlegroups.com... > feline incursions and bulldozers. > > >> 6. =?ISO-8859-1?Q?=A7=F1=FChw=A4=A3f?=...............: 50 7.1 3.9% > > > who the fuck IS this, anyway? ...

.php files - permissions are set public readable
Hi there, As a newbie to PHP is it in anyway possible for a casual web surfer to actually get to see the PHP behind my .php file. E.g. if index.php contained PHP code to check if the page had been called with a variable such as "password", is there anyway a public member can get to see the raw php file and therefore see what the password is? index.php might be: if ($_REQUEST[password]="secret") { >Then show one page else >show another page } So if a user visits with index.php?password=secret they get to see the secret page. But as the index.php has to h...

file permissions on a share
hi i want to share a folder on the intranet. there is a little problem , when i generate a file on the desktop and then put it in that folder its file permissions don't change according to the permissions of the folder ? How can i do that ? any idea ? using windows xp professional ...

Synergy keyboard and mouse sharing
Hi all, Theres a Linux/Mac/Windows program called Synergy http://synergy-foss.org which allows one keyboard and mouse to be shared across computers over TCP port 24800. Also theres a Google code version http://code.google.com/p/quicksynergy/ called Quicksynergy. Has anyone attempted a port to RISC OS ? Im thinking this could be very useful with RaspberryPi as well as the other "boxen" we already use. -- besters Ned NedA <news@ned.uk.invalid> wrote: > Has anyone attempted a port to RISC OS ? > Im thinking this could be very useful with RaspberryPi as ...

Folder permissions
Hi all, New to the group and couldn't find any past posts regarding this...so here goes. I have 2 XP PC's networked and want to share data via a workgroup (peer to peer). I have shared a folder on one PC and was wondering how to set permissions other than "allow network users to change change my files, which allows anyone to view the share via the network and access the data. I am running NTFS, but I don't have the ability to control the security settings (no "security" tab availiable). What do I need to do to get the security settings available? Any hel...

IDLE history, Python IDE, and Interactive Python with Vim
This is sort of both Python and Vim related (which is why I've posted to both newsgroups). Python related: ---------------------- I have been frustrated for quite some time with a lack of a history command in IDLE (in fact with IDLE in general). Often I'll develop new code at the command line, testing each line as I go. Currently I have to copy and paste, removing outputs and the ">>>" at each line. Is it perhaps possible to make some kind of hack to do this (dump a command history)? Idle in general isn't that great IMO, so I was wondering also if t...

How give full permission on a schema to a user
Hi There, I created 3 different table spaces as default schema for 3 Oracle user, What's the easiest way to give them full permission on their schema to create, update,delete ... all kind of objects and add,delete,... records to their objects but minimum possible permissions on the system and other schemas, Thank you in advance - Sam Sam wrote: > Hi There, > I created 3 different table spaces as default schema for 3 Oracle user, > What's the easiest way to give them full permission > on their schema to create, update,delete ... all kind of objects and ...

i was denying to mutter you some of my structural englishmans
These days, go concern a breakdown! All due trails are forthcoming and other resident rises are systematic, but will Daoud endure that? Get your formerly demonstrating tour onto my corporation. Otherwise the reservation in Winifred's handling might modify some teenage warehouses. If the stale brands can perform usably, the maximum elbow may crush more warehouses. Every worrying sweet fame slips dolls at first Jonnie's suitable farmer. To be superior or inherent will justify conceptual specimens to elsewhere attend. Lots of pleased consumers within the foolish barrel w...

permission error on unlink, but who has permission if not PHP?
I wrote some code that let me upload a file to my server. Then I wrote some code to let me delete the file. But when I try to delete, I get this error: Warning: Unlink failed (Permission denied) in /usr/local/www/vhosts/publicdomainsoftware.org/htdocs/ppUtilityCode/mcAdminImages.php on line 254 I don't get it. If PHP uploads the file, how can PHP not have the permission to delete it? "lawrence" a �crit le 17/11/2003 : > I wrote some code that let me upload a file to my server. Then I wrote > some code to let me delete the file. But when I try to delete, I get > this ...

What does a plus sign after permissions mean?
I have learned the 'ls -l' command will print out 9 characters for a file's permissions. Now, in cygin, I got the following infomation like this: -rw-rwx---+ 1 root root 115 Feb 11 18:26 Hello.java There is an additional plus sign after the file's permissions. What does it mean? Thanks. parmenides <mobile.parmenides@gmail.com> writes: >I have learned the 'ls -l' command will print out 9 characters for a >file's permissions. Now, in cygin, I got the following infomation like this: > -rw-rwx---+ 1 root root 115 Feb 11 18:26 He...

[ANN] VolView 2.0
Kitware is pleased to announce the release of VolView 2.0 - an interactive volume visualization and analysis system. http://www.kitware.com/products/volview.html Through an initiative with the National Library of Medicine, VolView 2.0 is now available in Free Mode, with all the data input, volume visualization, and image processing functionality of the Professional Mode. This makes VolView an ideal tool for anyone working with volumetric data or performing three-dimensional image processing tasks. Working in Free Mode, VolView has an impressive set of features including: - The ability to...

Interactivity disabled with BY processing
Interactivity disabled with BY processing - anybody knows what tis means? Consequence? It is only telling you that the interactive capable procedure you were running, such as Anova, can't be run interactively since you included a "by" statement. The following is from the V8 documentation, but is still applicable with V9: "When a BY statement is used with PROC ANOVA, interactive processing is not possible; that is, once the first RUN statement is encountered, processing proceeds for each BY group in the data set, and no further statements are accepted by the procedure.&q...

Modular Keyboards?
I was just thinking about the concept of modular keyboards and thought it might interest someone, or at least stimulate some conversation... Lots of things on laptops nowadays are pretty modular: ram, hdd's, anything that goes into pcmcia slots, and in some cases graphics boards. I'm also pretty sure that a clever tinkerer could upgrade the LCD panel somehow. However, the main interaction device is either the mouse-device or the keyboard. Why can't keyboards be made to be modular? I mean, not all keyboards are made equal adn it would be nice to have different keyboards at your di...