Red Hat Bugzilla – Bug 104576
Putty 0.53b quits on Login (PAM Authentication) with SSH1 (OpenSSH 3.5p1)
Last modified: 2007-04-18 12:57:37 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 1.0.3705)
Description of problem:
Using Putty (Windows) in SSH1 mode will bring up a prompt for user name,
however, when it sends the user name, the application exits. Server uses PAM
When selecting SSH2 protocol for connect, it works fine.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Open putty, type in host name -- defaults to SSH1 mode. Connect.
Actual Results: Prompted for login -- "Sending login information" flashes on
screen briefly, then application closes.
Expected Results: Login/Password and connection.
Are you able to connect via SSH1 with another application? Are you sure it is
not a problem with Putty, instead of OpenSSH server?
I am able to connect to a server that uses the same authentication method with
SSH1 that is running 3.1p1. In addition, I can connection to a server that has
the 3.5p1 with SSH 1 that does not use PAM.
The bug also occurs when using TerraTerm Pro which uses SSH1. So, I'm assuming
it's the update at this time.
ssh -1 from a unix client also shows this problem, including ssh -1 localhost.
This is true of both 3.5p1-9 and 3.5p1-11, though the latter seems to get a
little farther. 3.5p1-9 would hang before asking for a password.
This only seems to be a problem with the RedHat 9 build. RedHat 7.1-8.0 errata
are OK with both ssh1 and ssh2.
ssh -1 connections with RSA identity key authentication are fine.
Damnit. Now the behavior suddenly became very inconsistent. Now I can ssh in
with local password but not kerberos. My system-auth looks like
auth sufficient /lib/security/pam_krb5.so
auth sufficient /lib/security/pam_unix.so use_first_pass
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_krb5.so
Looks to be a problem with pam_krb and openssh. Found the same problem with our
servers that auth using pam_krb5. Servers that are not authenticating using
pam_krb5 seem to work fine. At least pam_krb5 auth works with ssh version 2.
Now we can finally have our servers up to date.
RHL 9 is no longer supported.