I am changing the login authentication method from password to keyboard interactive for security purposes. I know this option is kind of add-on for ssh client programs; which explains the best info about option is in this link: User Authentication with Keyboard-Interactive
One of the servers is AIX; and althoguh I have done many combination it keeps giving me the error saying unable to authenticate using methods which includes keyboard-interactive.
1) The server is AIX5.3
2) ssh -v
OpenSSH_4.3p2, OpenSSL 0.9.7l 28 Sep 2006
3) no LDAP
4) no xml configuration file for ssh like ssh-server-config.xml; so no LAM
5) $OpenBSD: sshd_config,v 1.73
My configuration is basically as follows;
Code:
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
X11Forwarding yes
If there is anyone who can help me, it is appreciated. There may be a version supporting keyboard-interactive or a parameter that doesn't show up in man for sshd_config. Maybe, I should change ssh_config file which is all commented. There is /etc/pam.conf without any line with ssh-server-g3. Do u have any recommendation?
Last edited by pludi; 02-03-2010 at 09:44 AM..
Reason: code tags, please..
Hello,
when I try to connect to a remote machine through SSH username@host I am getting the error message
Permission denied (publickey,password,keyboard-interactive).
Can any one tell me what is the problem. the key is added in the remote machines authorized_keys file. (5 Replies)
I am writing an automation that will ssh into hundreds of system and run a few commands. I ll be looping from ip X.X.X.10 to X.X.X.200
I have public key set up ready for "most" of them to run ssh non interactively. However some of the systems in these ip range do not have the public private key... (2 Replies)
Hi,
I want to know how to use SSH non-interactively? I am already able to use sftp -b <batch file> user@host so public/private key set-up already is in place.
But my supervisor has told me to use SSH now I want to know how it can be done? I want to do something like:
done_files=`ssh ls... (7 Replies)
Hello everyone!
I am trying to log-in to a remote server over SSH, transfer file1 there, perform some checks, capture the results in file2 and transfer file2 back to my local server - all of this non-interactively. Initially, I tried to do this within a singe SSH session, using the following... (2 Replies)
Hello,
I'm trying to setup password less authentication to remote ssh server. I generated the public key and gave it to the vendor and The key is added in the remote machines authorized_keys file.
When I try to connect to a remote machine through SFTP username@host I am getting the error... (4 Replies)
HI Unix Gurus,
I an stuck in an interesting issue, where I am trying to execute a script on remote server after ssh.
The script on remote server is interactive,. Whenever it is called it hangs where it expects input from terminal and I have to terminate it.
I have searched through fourm... (12 Replies)
We have a script which rsyncs two directories on two servers. This rsync will happen with the ID svID. But the script runs with the Control-M ID opID. we have setup password less SSH for svID, but it fails with Host key verification failed when the script is executed by opID. As opID is a... (1 Reply)
Hello experts,
Is it possible to have an user account on RHEL 6.3 as a su-only account, but with ssh capability and no interactive login? Let me elaborate.
Say, we have a cluster of 5 RHEL 6.3 servers and an user account (strmadmin) on each of the server as an su-only... (1 Reply)
I wish to launch a script with ssh command.
This script launches a menu.
The menu displays well but I can't interact with it.
Can you help me :confused: ? (1 Reply)
I fire the rsyn command as below:
rsync --delay-updates -F --compress --archive -e "/usr/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" user1@myhost.server.com:/tmp/jarexplorer-0.7.jar /web/admin/data/ The above command get interpreted as below: ssh -vvv -o... (4 Replies)
Discussion started by: mohtashims
4 Replies
LEARN ABOUT FREEBSD
pam_ssh
PAM_SSH(8) BSD System Manager's Manual PAM_SSH(8)NAME
pam_ssh -- authentication and session management with SSH private keys
SYNOPSIS
[service-name] module-type control-flag pam_ssh [options]
DESCRIPTION
The SSH authentication service module for PAM, pam_ssh provides functionality for two PAM categories: authentication and session management.
In terms of the module-type parameter, they are the ``auth'' and ``session'' features.
SSH Authentication Module
The SSH authentication component provides a function to verify the identity of a user (pam_sm_authenticate()), by prompting the user for a
passphrase and verifying that it can decrypt the target user's SSH key using that passphrase.
The following options may be passed to the authentication module:
use_first_pass If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password
is used to authenticate the user. If this fails, the authentication module returns failure without prompting the user for a
password. This option has no effect if the authentication module is the first in the stack, or if no previous modules
obtained the user's password.
try_first_pass This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is
prompted for another password.
nullok Normally, keys with no passphrase are ignored for authentication purposes. If this option is set, keys with no passphrase
will be taken into consideration, allowing the user to log in with a blank password.
SSH Session Management Module
The SSH session management component provides functions to initiate (pam_sm_open_session()) and terminate (pam_sm_close_session()) sessions.
The pam_sm_open_session() function starts an SSH agent, passing it any private keys it decrypted during the authentication phase, and sets
the environment variables the agent specifies. The pam_sm_close_session() function kills the previously started SSH agent by sending it a
SIGTERM.
The following options may be passed to the session management module:
want_agent Start an agent even if no keys were decrypted during the authentication phase.
FILES
$HOME/.ssh/identity SSH1 RSA key
$HOME/.ssh/id_rsa SSH2 RSA key
$HOME/.ssh/id_dsa SSH2 DSA key
$HOME/.ssh/id_ecdsa SSH2 ECDSA key
SEE ALSO ssh-agent(1), pam.conf(5), pam(8)AUTHORS
The pam_ssh module was originally written by Andrew J. Korty <ajk@iu.edu>. The current implementation was developed for the FreeBSD Project
by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''), as part of the DARPA CHATS research program. This manual page was written by Mark R V Murray <markm@FreeBSD.org>.
BSD October 7, 2011 BSD
02-03-2010
SSH with Keyboard Interactive
