current-users: Re: ssh prompts passwd twice

Subject: Re: ssh prompts passwd twice
To: NetBSD Current Users <current-users@NetBSD.org>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: current-users
Date: 03/10/2005 22:20:52

On Thu, Mar 10, 2005 at 05:23:31PM +0100, Jukka Salmi wrote:
> Manuel Bouyer --> current-users (2005-03-10 15:56:23 +0100):
> > It's the one installed on the systemp by default. I didn't change anything
> > in /etc/pam.d/.
> > 
> > # $NetBSD: sshd,v 1.4 2005/02/27 03:40:14 thorpej Exp $
> > #
> > # PAM configuration for the "sshd" service
> > #
> > 
> > # auth
> > auth            required        pam_nologin.so          no_warn
> > auth            sufficient      pam_krb5.so             no_warn try_first_pass
> > auth            sufficient      pam_ssh.so              no_warn try_first_pass
> > auth            required        pam_unix.so             no_warn try_first_pass
> 
> So the first prompt is from pam_ssh, asking for the passphrase of your
> ~/.ssh/id_[dr]sa key. The second prompt is from pam_unix, asking for your
> local system password. Removing the lines referencing pam_ssh should fix
> the problem. As does using the same secret in both places ;-)

But I don't have authorized_keys on this box, and this happens from
accounts with, or without ssh keys in ~/.ssh/.
pam_ssh should detect such situations and not ask for a passphrase in such
cases.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--