From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Description of problem: Using Putty (Windows) in SSH1 mode will bring up a prompt for user name, however, when it sends the user name, the application exits. Server uses PAM authentication. When selecting SSH2 protocol for connect, it works fine. Version-Release number of selected component (if applicable): OpenSSH 3.5p1 How reproducible: Always Steps to Reproduce: 1. Open putty, type in host name -- defaults to SSH1 mode. Connect. Actual Results: Prompted for login -- "Sending login information" flashes on screen briefly, then application closes. Expected Results: Login/Password and connection.
Are you able to connect via SSH1 with another application? Are you sure it is not a problem with Putty, instead of OpenSSH server?
I am able to connect to a server that uses the same authentication method with SSH1 that is running 3.1p1. In addition, I can connection to a server that has the 3.5p1 with SSH 1 that does not use PAM. The bug also occurs when using TerraTerm Pro which uses SSH1. So, I'm assuming it's the update at this time.
ssh -1 from a unix client also shows this problem, including ssh -1 localhost. This is true of both 3.5p1-9 and 3.5p1-11, though the latter seems to get a little farther. 3.5p1-9 would hang before asking for a password. This only seems to be a problem with the RedHat 9 build. RedHat 7.1-8.0 errata are OK with both ssh1 and ssh2. ssh -1 connections with RSA identity key authentication are fine. Damnit. Now the behavior suddenly became very inconsistent. Now I can ssh in with local password but not kerberos. My system-auth looks like auth sufficient /lib/security/pam_krb5.so auth sufficient /lib/security/pam_unix.so use_first_pass session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session optional /lib/security/pam_krb5.so
Looks to be a problem with pam_krb and openssh. Found the same problem with our servers that auth using pam_krb5. Servers that are not authenticating using pam_krb5 seem to work fine. At least pam_krb5 auth works with ssh version 2. Now we can finally have our servers up to date. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101183
RHL 9 is no longer supported.