[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ssh and login.conf



Hello,

As usual, I've been through the FAQ, man pages, and Google.  This is
on the latest i386 snapshot.

/etc/login.conf seems to set various sorts of authentication for
assorted services, such as telnet and FTP, but this doesn't seem to
affect incoming SSH connections, even if UseLogin is set to yes in
sshd_config.  If I have the following test class in /etc/login.conf:

changepwonly:\
        :auth=lchpass:\
        :requirehome:\
        :tc=default:

it doesn't seem to affect ssh connections.  It works for telnet,
though.  (Yes, this is a bit extreme; while I plan to allow password
auth to FTP connections, this is just demonstrating that it doesn't
work.)

On the SSH client side, incoming connections fail with:

chris_(_at_)_localhost's password: 
Permission denied (publickey,password,keyboard-interactive).

On the server, /var/log/authlog contains the following:

Oct 14 19:21:33 crashbox login: response: invalid service
Oct 14 19:21:33 crashbox sshd[20943]: Failed password for chris from ::1 port 35766 ssh2

So, is ssh just an invalid service for login.conf authentication
types?  Or am I missing something?

==ml

-- 
Michael Lucas		mwlucas_(_at_)_FreeBSD_(_dot_)_org, mwlucas_(_at_)_BlackHelicopters_(_dot_)_org
http://www.oreillynet.com/pub/q/Big_Scary_Daemons

           Absolute BSD:   http://www.AbsoluteBSD.com/