Project

General

Profile

Bug #6963

SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4

Added by Jim Pingle 10 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
User manager
Target version:
2.3.3
Start date:
11/25/2016
Due date:
% Done:

100%

Affected version:
2.3.3
Affected Architecture:
All

Description

The ssh authentication "keyboard-interactive" method fails on 2.3.2 and 2.4

This is due to the use of UsePAM no globally in sshd_config

keyboard-interactive is more secure than plain password authentication and is preferable for environments where using only key-based authentication is impractical.

Moving UsePAM no to the code block for key-based only auth works for both cases and has the intended net effect.

To me, I have a commit pending.

Associated revisions

Revision b35fc433
Added by Jim Pingle 10 months ago

Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963

Revision ec64b0a8
Added by Jim Pingle 10 months ago

Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963

Revision 8505ccf0
Added by Jim Pingle 10 months ago

Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963

History

#1 Updated by Jim Pingle 10 months ago

  • Status changed from New to Feedback

I pushed a fix as stated. Works fine with and without key-based auth. Needs more testing once it hits snaps.

#2 Updated by Jim Pingle 10 months ago

  • % Done changed from 0 to 100

#3 Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved

Working now

#4 Updated by Jim Pingle 7 months ago

  • Target version changed from 2.4.0 to 2.3.3

#5 Updated by Jim Pingle 7 months ago

  • Affected version changed from 2.4 to 2.3.3

Also available in: Atom PDF