Bug 680

Summary:

different behavior for pam ssh-1 vs ssh-2 client

Product:

Portable OpenSSH

Reporter:

Doug Hughes <doug>

Component:

PAM support

Assignee:

OpenSSH Bugzilla mailing list <openssh-bugs>

Status:

CLOSED INVALID

Severity:

normal

Priority:

Version:

3.7p1

Hardware:

UltraSPARC

OS:

Solaris

Attachments:

Description	Flags
ssh-1 client connect - fails auth (same user)	none
ssh2 client connect - pam session works (debug3)	none

Description Doug Hughes 2003-09-19 02:26:40 AEST

openssh3.7 and above have different behavior with respect to pam when connecting
from an ssh-2 or ssh-1 client. When connection comes from ssh-2 client, the
server calls the appropriate pam modules and authenticates fine. When a
connection comes from ssh-1 client, it does not. (auth failed).

This worked in 3.6.1p1 for what it's worth (no difference in behavior)

Comment 1 Doug Hughes 2003-09-19 02:55:36 AEST

Created attachment 428 [details]
ssh-1 client connect - fails auth (same user)

Comment 2 Doug Hughes 2003-09-19 02:56:17 AEST

Created attachment 429 [details]
ssh2 client connect - pam session works (debug3)

Comment 3 Damien Miller 2003-09-19 16:37:13 AEST

Could you send a "ssh -1v" trace from the client?

Comment 4 Darren Tucker 2003-12-22 22:14:52 AEDT

The debugging for the SSHv1 shows it only trying password authentication when it
should be using ChallengeResponse (aka TIS). Can you try with
"PasswordAuthentication=no" in sshd_config (as well as attaching the ssh -1v
trace djm asked for)?

Comment 5 Darren Tucker 2004-01-22 20:59:12 AEDT

4 months no reply == closed bug.

Comment 6 Damien Miller 2004-04-14 12:24:19 AEST

Mass change of RESOLVED bugs to CLOSED