[olug] PAM

Christopher Cashell topher at zyp.org
Wed Feb 5 19:43:16 UTC 2003


At Wed, 05 Feb 03, Unidentified Flying Banana William E. Kempf, said:
> I've got a RedHat 7.1 box on which I think the PAM config files have been
> messed up.  I suspect this because when I ssh to this box when I have the
> client's public key in the server's .ssh/authorized_keys file, it still asks
> me for a password.  I know the PAM config files have been modified, but
> don't know what modifications were done.  Is there any way to return to
> the originally installed PAM files, or any other way to go about fixing my
> problem?

I won't claim that this can't be PAM related, but it seems to me that
it's more likely a Secure Shell issue.

I would suggest doing the following:

  o Ensure that the ~/.ssh/authorized_keys file on the server is
    "valid".  Check it against the ssh public key, and make sure there
    are no line breaks or anything like that in it.
  o Ensure that you are using a matching SSH1 or SSH2 key pair for the
    right ssh protocol version.  An SSH1 key won't work with the SSH2
    protocol.
  o Ensure that the ~/.ssh/identity, ~/.ssh/id_dsa, or ~/.ssh/id_rsa
    file is valid, and matches the authorized_keys entry on the server.
  o Ensure that the ~/.ssh/identity, ~/.ssh/id_dsa, or ~/.ssh/id_rsa
    file is not readable, writable, or executable by anyone other than
    the user that owns it.  ssh will ignore it, if it is.
  o If you're using SSH2, ensure that PubkeyAuthentication is set to yes
    in /etc/ssh/sshd_config and in /etc/ssh/ssh_config (default is yes,
    unless changed).
  o If you're using SSH1, ensure that RSAAuthentication is set to yes in
    /etc/ssh/sshd_config and in /etc/ssh/ssh_config (default is yes,
    unless changed).
  o If you need to force ssh to try a specific version of the protocol,
    you can do it by adding '-1' or '-2' as an option to the ssh command
    line.  Otherwise, ssh will default to the order listed in
    /etc/ssh_config (from the Protocol option).
  o Check /etc/ssh/ssh_config to ensure that, if set,
    PreferredAuthentications lists 'publickey' before 'password' (this
    is the default, unless changed).

See if any of that helps.  If not, we can try to dig deeper, or find
something PAM related that might be affecting this.

> -- 
> William E. Kempf

-- 
| Christopher
+------------------------------------------------+
| A: No.                                         |
| Q: Should I include quotations after my reply? |
+------------------------------------------------+
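
Added example, not part of the original message: a shell script that automates three items from the checklist above (an authorized_keys entry broken across lines, a public key that matches no entry, and a private key file with group/other permission bits). The function names are illustrative and all key material is constructed sample data.

```shell
#!/bin/sh
# Added example; function names are illustrative, sample key data is constructed.

# A private key file must carry no group/other permission bits.
key_perms_ok() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Print the line numbers of authorized_keys entries that do not parse as one
# whole key: SSH2 "[options] type base64 [comment]" or SSH1
# "[options] bits exponent modulus [comment]". The tail of a wrapped key fails.
bad_authkeys_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh|ecdsa)-/ && $(i+1) ~ "^AAAA[A-Za-z0-9+/]+=*$") ok = 1
            for (i = 1; i + 2 <= NF; i++)
                if ($i ~ /^[0-9]+$/ && $(i+1) ~ /^[0-9]+$/ && $(i+2) ~ /^[0-9]+$/) ok = 1
            if (!ok) print NR
        }' "$1"
}

# Succeed if the base64 blob from SSH2 public key file $1 appears as a whole
# field on some line of authorized_keys file $2.
pubkey_listed() {
    blob=$(awk '{ for (i = 1; i < NF; i++) if ($i ~ /^(ssh|ecdsa)-/) { print $(i+1); exit } }' "$1")
    [ -n "$blob" ] && awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$2"
}

# Demo on constructed files in a temp directory (nothing under ~/.ssh is touched).
demo() {
    d=$(mktemp -d) || return 1
    head="AAAAB3NzaC1yc2EAAAADAQABAAAAgQD"      # constructed, not a real key
    tail="constructedSampleBlob0123456789"
    echo "ssh-rsa $head$tail user@client" > "$d/id_rsa.pub"
    printf 'ssh-rsa %s user@client\n' "$head$tail" > "$d/good"
    printf 'ssh-rsa %s\n%s user@client\n' "$head" "$tail" > "$d/wrapped"
    : > "$d/id_rsa"; chmod 644 "$d/id_rsa"
    echo "wrapped file, unparseable lines: $(bad_authkeys_lines "$d/wrapped")"
    pubkey_listed "$d/id_rsa.pub" "$d/wrapped" || echo "wrapped file: key not matched"
    pubkey_listed "$d/id_rsa.pub" "$d/good" && echo "good file: key matched"
    key_perms_ok "$d/id_rsa" || echo "id_rsa with mode 644: too open"
    rm -rf "$d"
}
demo
```

To check a real setup, run bad_authkeys_lines and pubkey_listed against the server's ~/.ssh/authorized_keys and key_perms_ok against the private key on the client.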
