On Fri, 30 Jun 2006 20:47:40 +0100 (BST), Steve Blinkhorn
<steve@prd.co.uk> wrote:

> > 
> > On Fri, Jun 30, 2006 at 07:16:14PM +0100, Steve Blinkhorn wrote:
> > > I think I see where the problem may lie.   The window I currently have
> > > open onto this machine is a su shell.   But if I try to su again, I
> > > get "pam_start failed".   IIRC this relates to the warning in the
> > > docs and what I am most concerned about.
> > 
> > Yes, PAM should be the only big problem. You can install /etc/pam.d from
> > the 3.0 etc.tar.gz, that should make PAM working.
> > 
> > There used to be a UsePam=no option you could add to /etc/ssh/sshd_config to
> > make it not use PAM, but I can't find this in the docuementation now.
> > 
> 
> Unfortunately I no longer have a working tar (otherwise I could just
> untar 1.6.2 executables from the ISO image I had intended to mount,
> rather than the 3.0 I actually did).   So the question is whether
> there is a way to circumvent PAM so I can login remotely if I get my
> ISP to reboot with the 3.0 kernel.
> 
Try doing

	echo 'UsePam no' >>/etc/ssh/sshd_config

to add the line.  (Yes, that's the right option; I use it.)

Do any of the commands in /rescue work?  I see tar there.

Does cat work?  Cat the proper files from some other machine in another
window, and use cat to create the files you need in /etc/pam.d.  (That
assumes, of course, that mkdir still works -- it's in /rescue, too.)

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb