Project

General

Profile

Bug #6963

SSH Keyboard-Interactive Authentication fails on 2.3.2/2.4

Added by Jim Pingle over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
User manager
Target version:
2.3.3
Start date:
11/25/2016
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.3.3
Affected Architecture:
All

Description

The ssh authentication "keyboard-interactive" method fails on 2.3.2 and 2.4

This is due to the use of UsePAM no globally in sshd_config

keyboard-interactive is more secure than plain password authentication and is preferable for environments where using only key-based authentication is impractical.

Moving UsePAM no to the code block for key-based only auth works for both cases and has the intended net effect.

To me, I have a commit pending.

Associated revisions

Revision b35fc433 (diff)
Added by Jim Pingle over 2 years ago

Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963

Revision ec64b0a8 (diff)
Added by Jim Pingle over 2 years ago

Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963

Revision 8505ccf0 (diff)
Added by Jim Pingle over 2 years ago

Disable PAM when using only key-based authentication, otherwise keyboard-interactive fails. Fixes #6963

History

#1 Updated by Jim Pingle over 2 years ago

  • Status changed from New to Feedback

I pushed a fix as stated. Works fine with and without key-based auth. Needs more testing once it hits snaps.

#2 Updated by Jim Pingle over 2 years ago

  • % Done changed from 0 to 100

#3 Updated by Jim Pingle over 2 years ago

  • Status changed from Feedback to Resolved

Working now

#4 Updated by Jim Pingle over 2 years ago

  • Target version changed from 2.4.0 to 2.3.3

#5 Updated by Jim Pingle over 2 years ago

  • Affected Version changed from 2.4 to 2.3.3

Also available in: Atom PDF