On Thu, May 11, 2000 at 10:16:16AM -0400, Jeff Hubbs wrote:
> I've got a pair of machines here that I am using to learn how to implement
> OpenSSH for secure remote access.
> I've gotten to the point where the "server" is running sshd, but when I go
> to the client and go "ssh ", I'm asked for a password but
> when I enter it, I get "Permission denied, please try again." I know the
> account and password are valid on the server (I can telnet in if I want).
> Is there something, perhaps some kind of key exchange, that I've missed?
Hmmmm.... I can take some pretty good guesses here but I
need some more information.
1) What distribution and version are you using?
2) What version of OpenSSH are you using (I would highly recommend
2.1.0 at this time).
3) How are you installing it?
From source?
From rpm?
If this is a RedHat system (or any other system using PAM) and
you installed from source, you probably (probability approaching 100%)
didn't get the PAM file installed properly. Look for the file
/etc/pam.d/sshd. If the directory is there and the file is not there,
I can almost guarentee you that you've got at least that for a problem.
Installing from the binary rpm's installs this file (at least it has
for me) but building from source and installing from that typically
does not. The configuration process will spot the pam libraries and
compile in pam support, it just doesn't install the pam configuration
file (at least versions I've had in the past didn't - would be nice
if they fixed that).
If that's not the problem, try running ssh -v and
see where the authentication fails at. You'll see a bunch of failure
errors that are normal. You want to see the errors after you enter
the password.
> FWIW, the first time I tried this, I got a dialog having to do with
> authentication of the machines in which it asked me if I still wanted to
> connect. After typing "yes," it added the IP to the list of "known hosts."
> Anyone seen a better guide than the OpenSSH docs, say, a magazine article?
> Would I be better off overall if I popped for the $89 two-user commercial
> version of SSH2, or would I just be giving up too easily? ;-)
No, you definitely wouldn't be better off.
OpenSSH 2.1.0 supports the 1.3, 1.5, and 2.0 protocols in a single
binary. The SSH stuff requires dual binaries and really screwy stuff
(servers loading servers and recalculating keys) if you want to support
both 1.x and 2.x services and protocols.
> - Jeff
Mike
--
Michael H. Warfield | (770) 985-6132 | ">mhw@WittsEnd.com
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
--
To unsubscribe: mail ">majordomo@ale.org with "unsubscribe ale" in message body.