LinuxSA Mailing list archives
Index:
[thread]
[date]
[subject]
[author]
From: Alan Kennington <akenning@dog.topology.org>
To : LinuxSA <linuxsa@linuxsa.org.au>
Date: Mon, 29 Nov 1999 04:35:48 +1030
OpenSSH problems with linux, esp. RH 5.2
Has anyone else had these problems with OpenSSH?
1. The less serious problem is that
OpenSSL gets installed into subdirectories
of /usr/local/ssl, and OpenSSH expects
to see this software in standard
places, like /usr/lib and /usr/include.
This can be fixed by 3 symbolic links.
I've already done this on three machines.
2. The more serious problem is that the RH 5.2
PAM (The Pluggable Authentication Module thing,
which I find very unpleasant at the best of
times). I get the SSH daemon to respond okay
to my SSH client, but then it can't get
the PAM thing to work. The message in the log
file (/var/log/messages) is:
Nov 29 03:45:31 dog sshd[28753]: log: Connection from 203.38.148.53 port 1090
Nov 29 03:46:08 dog sshd[28753]: log: RSA authentication for akenning accepted.
Nov 29 03:46:08 dog sshd[28753]: log: PAM rejected by account configuration: User account has expired
Nov 29 03:46:43 dog sshd[28753]: fatal: Connection closed by remote host.
Nov 29 03:46:43 dog sshd[28753]: log: Cannot close PAM session: System error
The problem appears to be that there is _no_ shadow file
by default in RH 5.2. Therefore PAM doesn't know
anything about account expiry. So it assumes that
the account has "expired".
Problem is that ordinary telnet and rlogin
work fine. And even if I change the password
a couple of times, I still get the same
symptoms.
On the client side, I get this sort of thing:
=============================================
tiger:akenning> ssh dog.topology.org
Enter passphrase for RSA key 'akenning@dog':
akenning@dog.topology.org's password:
Permission denied, please try again.
akenning@dog.topology.org's password:
Permission denied, please try again.
akenning@dog.topology.org's password:
Permission denied.
============================================
I entered (invisible) correct passwords here.
Everything works absolutely perfectly with
SuSE 6.2 as the server for the SSH daemon.
But SuSE 6.2 uses an /etc/shadow file!
Can anyone give me any clues before I get
stuck into yet another couple of days of
wasted creativity trying to work out why
this stuff doesn't work as it should?
Has anyone got OpenSSH going with RH 5.2 at all?
Or even just with a system without shadow file?
Thanks in advance,
Alan Kennington.
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
Index:
[thread]
[date]
[subject]
[author]
Return to the LinuxSA Mailing List Information Page