ssh cleartext-password "? INCORRECT" (Alan DeKok)
David Ly
dly at somanetworks.com
Wed Nov 19 21:41:14 CET 2008
------------------------------
> Message: 4
> Date: Wed, 19 Nov 2008 10:49:06 -0600
> From: Alan DeKok <aland at deployingradius.com>
> Subject: Re: ssh cleartext-password "? INCORRECT"
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <49244382.5090801 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> David Ly wrote:
>
>> Here is the relevant part of the log from radiusd -X
>> Using 'radtest steve testing localhost 10 testing123'
>>
>
> You've done some *very* weird editing or reformatting of the log.
> That makes it more difficult to understand.
>
>
>> Using 'ssh steve at localhost' password: testing
>>
>> rad_recv: Access-Request packet from host 127.0.0.1 port 26561, id=106,
>> length=83 User-Name =
>> "steve"
>> User-Password = "\010\n\r\177INCORRECT" ****
>>
>
> Ah, yes. That's a PAM feature, I think. Or maybe SSH. It replaces
> the password the user entered with that string. Why? Damned if I know.
>
> I'd suggest asking the PAM people how to configure the system so that
> it doesn't mangle the password.
>
> In any case, this is what the RADIUS server receives, so there is
> *nothing* you can do to the RADIUS server to solve the problem.
>
> And the PAM RADIUS module doesn't do this stupid rewriting. So
> there's nothing you can do to that module, either.
>
> Alan DeKok.
>
>
>
I managed to find the problem; as you said, it WASN'T the server but
rather the PAM module that was causing this. It required a local user
account (set with a blank password). As to why it needs that, I have no
idea, but that's that. Thanks for the help, and I hope that others who
come across this can avoid the grueling two days of troubleshooting and
tinkering. Once again, thanks to all. Cheers
David Ly
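
An added illustration, not part of either poster's message: a short Python check that scans `radiusd -X` debug output for Access-Requests whose User-Password arrived as the placeholder string quoted in the thread, which here pointed at the SSH host (no local account for the user) rather than at the RADIUS server. The sample log is constructed, and the function names are hypothetical.

```python
import re

# The placeholder exactly as radiusd -X prints it in the thread
# (octal escapes for backspace and DEL, then the literal word INCORRECT).
PLACEHOLDER = r'\010\n\r\177INCORRECT'

# Constructed sample of radiusd -X debug output, modelled on the packet quoted above.
SAMPLE_LOG = r'''
rad_recv: Access-Request packet from host 127.0.0.1 port 26561, id=106, length=83
	User-Name = "steve"
	User-Password = "\010\n\r\177INCORRECT"
	NAS-Identifier = "sshd"
rad_recv: Access-Request packet from host 127.0.0.1 port 26562, id=107, length=58
	User-Name = "alice"
	User-Password = "testing"
	NAS-Identifier = "sshd"
'''

HEADER = re.compile(r'^rad_recv: Access-Request packet from host (\S+) port (\d+), id=(\d+)')
ATTR = re.compile(r'^\s+([\w-]+) = "(.*)"\s*$')

def parse_requests(log_text):
    """Split debug output into one dict per Access-Request."""
    requests, current = [], None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"host": m.group(1), "id": int(m.group(3)), "attrs": {}}
            requests.append(current)
            continue
        m = ATTR.match(line)
        if m and current is not None:
            current["attrs"][m.group(1)] = m.group(2)
        elif line.strip() == "":
            current = None  # a blank line ends the attribute list
    return requests

def placeholder_users(log_text):
    """Return User-Names whose password arrived as the placeholder."""
    return [r["attrs"].get("User-Name") for r in parse_requests(log_text)
            if r["attrs"].get("User-Password") == PLACEHOLDER]

if __name__ == "__main__":
    for user in placeholder_users(SAMPLE_LOG):
        print(f"{user}: password replaced before reaching RADIUS; "
              "check for a local account on the SSH host")
```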