how to disable keyboard-interactive and enable password authentication on openssh

I have a server running OpenSSH 4.2 that, per the
SSH_MSG_USERAUTH_FAILURE message only supports publickey and keyboard-
interactive authentication.  I want it to support password
authentication (and maybe disable keyboard-interactive) but don't know
how.

The file /etc/ssh/ssh_config has only three lines: Host * ,
ForwardX11Trusted yes and SendEnv LANG LC_CTYPE(...)
Rest of lines start with #.

Any ideas?
0
yawnmoth
12/15/2009 4:59:12 PM


Hi,

When configuring your SSH server, you want to change things in 
/etc/ssh/sshd_config. ssh_config configures the client :)

Maybe I misunderstand, but isn't the idea of keyboard-interactive that 
you can enter your credentials, i.e. your password? Maybe I'm talking 
utter nonsense here, but in my eyes password authentication *is* 
keyboard-interactive.

In sshd_config there's an option PasswordAuthentication. I switched that 
to "no", so that only public keys can be used to log into my machine.

Kind regards,

Hans


yawnmoth wrote:
> I have a server running OpenSSH 4.2 that, per the
> SSH_MSG_USERAUTH_FAILURE message only supports publickey and keyboard-
> interactive authentication.  I want it to support password
> authentication (and maybe disable keyboard-interactive) but don't know
> how.
> 
> The file /etc/ssh/ssh_config has only three lines: Host * ,
> ForwardX11Trusted yes and SendEnv LANG LC_CTYPE(...)
> Rest of lines start with #.
> 
> Any ideas?
0
Hans
12/15/2009 6:19:42 PM
On Dec 15, 12:19 pm, Hans van Zijst <h...@woefdram.nl> wrote:
> Hi,
>
> When configuring your SSH server, you want to change things in
> /etc/ssh/sshd_config. ssh_config configures the client :)

Thanks for the heads up - I'll take a look next time I have access to
the machine :)

> Maybe I misunderstand, but isn't the idea of keyboard-interactive that
> you can enter your credentials, i.e. your password? Maybe I'm talking
> utter nonsense here, but in my eyes password authentication *is*
> keyboard-interactive.

Well, the SSH specs distinguish between password and keyboard-
interactive:

password: http://tools.ietf.org/html/rfc4252#section-8
keyboard-interactive: http://tools.ietf.org/html/rfc4256

The SSH client may or may not treat password authentication as though
it were a subset of keyboard-interactive but, at the end of the day,
they are two distinctly different things.

i.e. with keyboard-interactive authentication the server might send a
prompt that says "Password" to the client but it could, just as
easily, send out a prompt that says "Type 'spaghetti'", too.  With
password authentication, in contrast, the server doesn't prompt you
for anything.  The client might but the server doesn't.  This is an
important distinction because a client can support one without the
other.

(I know a fair amount about SSH as a protocol - I just don't know a
lot about OpenSSH as an application)
0
yawnmoth
12/15/2009 8:05:30 PM
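
The protocol distinction discussed in this thread, as an added example (not code from any poster or from OpenSSH): a parser for the two server messages involved, SSH_MSG_USERAUTH_FAILURE (RFC 4252 section 5.1) and the keyboard-interactive SSH_MSG_USERAUTH_INFO_REQUEST (RFC 4256 section 3.2). The payloads are constructed samples and the function names are hypothetical; the password method has no server prompt message to parse, because the client sends the password inside its own request.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51       # RFC 4252 section 5.1
SSH_MSG_USERAUTH_INFO_REQUEST = 60  # RFC 4256 section 3.2

def ssh_string(value: bytes) -> bytes:  # RFC 4251 string: uint32 length + bytes
    return struct.pack(">I", len(value)) + value

def read_string(buf: bytes, off: int):
    """Return (bytes, new_offset); reject lengths that overrun the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string length exceeds message")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_userauth_failure(payload: bytes):
    """byte 51, name-list of methods that can continue, boolean partial success."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not SSH_MSG_USERAUTH_FAILURE")
    names, off = read_string(payload, 1)
    if off + 1 != len(payload):
        raise ValueError("expected exactly one trailing boolean")
    return (names.decode("ascii").split(",") if names else []), payload[off] != 0

def parse_info_request(payload: bytes):
    """byte 60, name, instruction, language tag, uint32 count, (prompt, echo) pairs."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_INFO_REQUEST:
        raise ValueError("not SSH_MSG_USERAUTH_INFO_REQUEST")
    off = 1
    for _ in range(3):               # skip name, instruction, language tag
        _, off = read_string(payload, off)
    if off + 4 > len(payload):
        raise ValueError("truncated prompt count")
    (count,) = struct.unpack_from(">I", payload, off)
    off += 4
    prompts = []
    for _ in range(count):
        text, off = read_string(payload, off)
        if off >= len(payload):
            raise ValueError("missing echo flag")
        prompts.append((text.decode("utf-8"), payload[off] != 0))
        off += 1
    return prompts

# Constructed sample payloads (not captured from a real server).
FAILURE = bytes([51]) + ssh_string(b"publickey,keyboard-interactive") + b"\x00"
INFO = (bytes([60]) + ssh_string(b"") + ssh_string(b"") + ssh_string(b"")
        + struct.pack(">I", 1) + ssh_string(b"Type 'spaghetti': ") + b"\x00")
```

A server that also offered password authentication would list `password` in the name-list returned by `parse_userauth_failure`.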