[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] SSH aon Raq-2
- Subject: Re: [cobalt-users] SSH aon Raq-2
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Sat Dec 2 09:04:01 2000
- Organization: anonymous
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 1 Dec 2000 23:46:47 -0500, "glenn" <glenn@xxxxxxxxxxx> wrote:
:>I installed openssh-2.3.0p1 and it still does now work
:>I also had installed bc 1.06 and flex-2.5.4a
:>
:>----- Original Message -----
:>From: "Mike Vanecek" <nospam99@xxxxxxxxxxxx>
:>> I had some problems on a Qube2 with ssh2 until I installed
:>openssh-2.3.0p1. I
:>> also installed bc 1.06. Everything cleared up then. You might try 2.3.0
:>and
:>> see if it makes a difference?
:>> On Wed, 29 Nov 2000 19:41:38 -0500, "glenn" <glenn@xxxxxxxxxxx> wrote:
:>>
:>> :>zlib-1.1.3
:>> :>openssh-2.2.0
:>> :>openssl-0.9.6
:>> :>Is there a shadow password problem?
:>> :>log files shows it finds and decodes the user name ok.
:>> :>----- Original Message -----
:>> :>From: "Brian Curtis" <admin@xxxxxxxxxxx>
:>> :>Sent: Wednesday, November 29, 2000 7:20 AM
:>> :>Subject: Re: [cobalt-users] SSH aon Raq-2
:>> :>> > I complied zlib,ssl and ssh on my Raq-2 with no errors.
:>> :>> > Test in debug show it working and reconizing a connection request
:>and
:>> :>user
:>> :>> > name, but the password fails to validate.
:>> :>> > Is there an option I need to make this work?
Are we sure the client is working correctly and passing the correct password?
:>> :>> A bit more info is needed to provide any helpful comments. What ssh
:>> :>release
:>> :>> are you using and what does it output to the syslogs after a login
:>> :>attempt?
:>> :>>
:>> :>> It sounds like your ssh installation wasn't configured to use your
:>> :>system's
:>> :>> underlying authentication system (pam). However, this is a stab in
:>the
:>> :>dark
:>> :>> w/o the above mentioned info.
Best I can offer is some ideas ... keep in mind that this is on a Qube2:
I have set up my /etc/syslog.conf so that I can monitor various items in
different logs. I have setup my ssh to its own log. A snippet from my
syslog.conf contains
# Local7 are MTV ssh level messages
*.info;mail.none;authpriv.none;\
local7.none;auth.none;daemon.none;local2.none /var/log/messages
# The authpriv file has restricted access.
authpriv.*;auth.* /var/log/secure
# Log portlog local2 to its own log
local2.* /var/log/portlog
# Log ssh local7 to its own log
local7.* /var/log/sshlog
# Log daemon to its own log
daemon.* /var/log/daemonlog
I assume you are using debug, but doing this way makes it easier to trap the
results, i.e.,
Then in your /usr/local/etc/sshd_config (or wherever you have put it)
# Logging
#SyslogFacility AUTH
SyslogFacility LOCAL7
#LogLevel INFO
LogLevel DEBUG
This will pump out a bit more info on the server side (you will need to
restart ssh) to /var/log/sshlog.
My /etc/pam.d/sshd file looks like
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nodelay
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so shadow nullok use_authtok
session required /lib/security/pam_pwdb.so
session required /lib/security/pam_limits.so
I don't think I have made any other changes (other than to turn on sftp -
# Uncomment if you want to enable sftp
Subsystem sftp /usr/local/libexec/sftp-server).
Not sure what else I can look at ... hth
Mike.