ssh cleartext-password "? INCORRECT"

Alan DeKok aland at deployingradius.com
Wed Nov 19 17:49:06 CET 2008


David Ly wrote:
> Here is the relavent part of the log from radiusd -X
> Using 'radtest steve testing localhost 10 testing123'

  You've done some *very* weird editing or reformatting of the log.
That makes it more difficult to understand.

> Using 'ssh steve at localhost' password: testing
> 
> rad_recv: Access-Request packet from host 127.0.0.1 port 26561, id=106,
> length=83                User-Name =
> "steve"                                                              
>        User-Password = "\010\n\r\177INCORRECT"             ****

  Ah, yes.  That's a PAM feature, I think.  Or maybe SSH.  It replaces
the password the user entered with that string.  Why?  Damned if I know.

  I'd suggest asking the PAM people how to configure the system so that
it doesn't mangle the password.

  In any case, this is what the RADIUS server receives, so there is
*nothing* you can do to the RADIUS server to solve the problem.

  And the PAM RADIUS module doesn't do this stupid rewriting.  So
there's nothing you can do to that module, either.

  Alan DeKok.



More information about the Freeradius-Users mailing list