Re: Questions about sshd_config man page and comments in the file

This is a discussion on Re: Questions about sshd_config man page and comments in the file within the OpenSSH Development forums, part of the Networking and Network Related category; On Thu, Feb 23, 2006 at 12:55:13PM +0530, ponraj wrote: > Hi , > > I have two problems ...


Go Back   Usenet Forums > Networking and Network Related > OpenSSH Development

Reload this Page Re: Questions about sshd_config man page and comments in the file

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 02-23-2006
Darren Tucker
 
Posts: n/a
Default Re: Questions about sshd_config man page and comments in the file
On Thu, Feb 23, 2006 at 12:55:13PM +0530, ponraj wrote:
> Hi ,
>
> I have two problems when i went through a) the man page of sshd_config and
> b) the comments quoted in sshd_config file itself. They are given below.
>
> a)
> >From the man page of sshd_config:
> "If UsePAM is enabled, you will not be able to run sshd(8) as a
> non-privileged user."
>
> I changed the permission of the hostkeys to a non-privileged user and tried
> to run sshd alongwith "UsePAM=yes" in one of the non-privileged ports . sshd
> was successfully initiated but it failed to handle client's connection
> request. Is this the behaviour highlighted in the man page ?

Yes. PAM typically needs root privs and is used for more than just
authentication.

> b)Comments in sshd_config file:
>
> # Set this to 'yes' to enable PAM authentication, account processing,
> # and session processing. If this is enabled, PAM authentication will
> # be allowed through the ChallengeResponseAuthentication mechanism.
> # Depending on your PAM configuration, this may bypass the setting of
> # PasswordAuthentication, PermitEmptyPasswords, and
> # "PermitRootLogin without-password". If you just want the PAM
> account and
> # session checks to run without PAM authentication, then enable this
> but set
> # ChallengeResponseAuthentication=no
>
> sshd has been started along with the following command-line configuration
> settings.
> # /opt/ssh/sbin/sshd -o "usepam yes" -o
> "challengeresponseauthentication no" -o "kerberosauthentication no" -o
> "passwordauthentication yes" -o "kerberosorlocalpasswd no"
> Authentication ,Password management modules were set to "libpam_krb5.so.1"
> and Session,Account management modules were set to "libpam_unix.so.1" in pam
> configuation file.
>
> During ssh conneciton, Kerberos password got succeeded when the ssh client
> was prompted for password. This violates the steps commented in sshd_config
> file.Can anyone clarify this ?

The comment in the example config file is outdated and should be fixed.
PasswordAuthentication uses PAM in recent versions (>=3.9p1 from memory).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 04:15 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0