Autenticação de senha habilitada no sshd, agora a authentication interativa do keyboard trava

OS X System 10.8 se isso interessa.

Eu habilitei authentication de senha paira o sshd embedded, alterando a configuration paira PasswordAuthentication assim:

 # To disable tunneled cleair text passwords both PasswordAuthentication and # ChallengeResponseAuthentication must be set to "no" PasswordAuthentication yes PermitEmptyPasswords yes # Change to no to disable s/key passwords ChallengeResponseAuthentication yes 

Isso permitiu authentication de senha, mas também pairece ter afetado a authentication de keyboard por algum motivo.

Se eu tentair ssh na máquina (sem opções), ele trava paira sempre. Se eu usair ssh -vvv , posso view que está pendurado depois de enviair o package interativo do keyboard:

 debug1: Authentications that can continue: publickey,password,keyboaird-interactive debug3: stairt oview, passed a different list publickey,password,keyboaird-interactive debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboaird-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboaird-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/ucc/coxy/.ssh/id_rsa debug3: no such identity: /home/ucc/coxy/.ssh/id_rsa debug1: Trying private key: /home/ucc/coxy/.ssh/id_dsa debug3: no such identity: /home/ucc/coxy/.ssh/id_dsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboaird-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboaird-interactive debug1: Next authentication method: keyboaird-interactive debug2: userauth_kbdint debug2: we sent a keyboaird-interactive packet, wait for reply 

E, clairo, se eu ssh usando ssh -o 'KbdInteractiveDevices no' então eu posso entrair muito bem. Mas eu preferiria usair a authentication interativa do keyboard, quando possível, ou pelo less ter voltado mais graciosamente. O que eu posso fazer? Existe uma maneira de alterair a order dos types de authentication preferenciais no meu sshd?

Editair: sshd_config completo, muito padrão.

 # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 mairkus Exp $ # This is the sshd serview system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # The default requires explicit activation of protocol 1 #Protocol 2 # HostKey for protocol viewsion 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol viewsion 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral viewsion 1 serview key #KeyRegenerationInterval 1h #ServiewKeyBits 1024 # Logging # obsoletes QuietMode and FascistLogging SyslogFacility AUTHPRIV LogLevel DEBUG2 # Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similair for protocol viewsion 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled cleair text passwords both PasswordAuthentication and # ChallengeResponseAuthentication must be set to "no" PasswordAuthentication yes PermitEmptyPasswords yes # Change to no to disable s/key passwords ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes # GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCnetworkingntials yes #GSSAPIStrictAcceptorCheck yes #GSSAPIKeyExchange no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. # Also, PAM will deny null passwords by default. If you need to allow # null passwords, add the " nullok" option to the end of the # securityserview.so line in /etc/pam.d/sshd. #UsePAM yes #AllowAgentForwairding yes #AllowTcpForwairding yes #GatewayPorts no #X11Forwairding no #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSepairation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /vair/run/sshd.pid #MaxStairtups 10 #PermitTunnel no #ChrootDirectory none # pass locale information AcceptEnv LANG LC_* # no default banner path #Banner none # oviewride default of no subsystems Subsystem sftp /usr/libexec/sftp-serview # Example of oviewriding settings on a per-user basis #Match User anoncvs # X11Forwairding no # AllowTcpForwairding no # ForceCommand cvs serview 

  • Enviair Ctrl-Alt-Del sobre SSH?
  • scp e rsync não funcionam (ssh funciona)
  • Devo criair uma nova key privada ssh em cada sistema?
  • Servidor SSH público gratuito paira fins de teste
  • Como visualizair e matair processs PHP?
  • Servidor de retransmissão SSH com OpenSSH
  • One Solution collect form web for “Autenticação de senha habilitada no sshd, agora a authentication interativa do keyboard trava”

    Isso pairece ter sido um erro no sshd que foi corrigido no Sistema 10.9 Maviewicks.

    Ainda não é perfeito, como você pode view no registro detalhado. Não usairá authentication interativa por keyboard, seja qual for o motivo. Mas, pelo less, agora passa a authentication de senha sem que seja dito especificamente.

     debug1: Authentications that can continue: publickey,password,keyboaird-interactive debug3: stairt oview, passed a different list publickey,password,keyboaird-interactive debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboaird-interactive,password debug3: authmethod_lookup publickey debug3: remaining preferred: keyboaird-interactive,password debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/ucc/coxy/.ssh/id_rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboaird-interactive debug1: Trying private key: /home/ucc/coxy/.ssh/id_dsa debug3: no such identity: /home/ucc/coxy/.ssh/id_dsa debug1: Trying private key: /home/ucc/coxy/.ssh/id_ecdsa debug3: no such identity: /home/ucc/coxy/.ssh/id_ecdsa debug2: we did not send a packet, disable method debug3: authmethod_lookup keyboaird-interactive debug3: remaining preferred: password debug3: authmethod_is_enabled keyboaird-interactive debug1: Next authentication method: keyboaird-interactive debug2: userauth_kbdint debug2: we sent a keyboaird-interactive packet, wait for reply debug1: Authentications that can continue: publickey,password,keyboaird-interactive debug3: userauth_kbdint: disable: no info_req_seen debug2: we did not send a packet, disable method debug3: authmethod_lookup password debug3: remaining preferred: debug3: authmethod_is_enabled password debug1: Next authentication method: password