ssh cleartext-password "? INCORRECT" (Alan DeKok)

David Ly dly at
Wed Nov 19 21:41:14 CET 2008

> Message: 4
> Date: Wed, 19 Nov 2008 10:49:06 -0600
> From: Alan DeKok <aland at>
> Subject: Re: ssh cleartext-password "? INCORRECT"
> To: FreeRadius users mailing list
> 	<freeradius-users at>
> Message-ID: <49244382.5090801 at>
> Content-Type: text/plain; charset=ISO-8859-1
> David Ly wrote:
>> Here is the relavent part of the log from radiusd -X
>> Using 'radtest steve testing localhost 10 testing123'
>   You've done some *very* weird editing or reformatting of the log.
> That makes it more difficult to understand.
>> Using 'ssh steve at localhost' password: testing
>> rad_recv: Access-Request packet from host port 26561, id=106,
>> length=83                User-Name =
>> "steve"                                                              
>>        User-Password = "\010\n\r\177INCORRECT"             ****
>   Ah, yes.  That's a PAM feature, I think.  Or maybe SSH.  It replaces
> the password the user entered with that string.  Why?  Damned if I know.
>   I'd suggest asking the PAM people how to configure the system so that
> it doesn't mangle the password.
>   In any case, this is what the RADIUS server receives, so there is
> *nothing* you can do to the RADIUS server to solve the problem.
>   And the PAM RADIUS module doesn't do this stupid rewriting.  So
> there's nothing you can do to that module, either.
>   Alan DeKok.
I manged to find the problem, as you said, it WASNT the server but 
rather the PAM module that was causing this. It required a local user 
account (set with a blank password). As to why it needs that, I have no 
idea, but thats that. Thanks for the help, and I hope that others who 
come across this can avoid the grueling two days of troubleshooting and 
tinkering. Once agian thanks to all. Cheers

David Ly

More information about the Freeradius-Users mailing list