Red Hat Bugzilla – Bug 1310226
OpenSSH 7.1p2 with custom PAM module doesn't show the PAM module's prompt
Last modified: 2016-02-22 04:16:16 EST
Description of problem:
I recently upgraded from Fedora 22 to Fedora 23.
However, the machine needs a custom authentication and for this, we have a custom made PAM module that offers its own login prompt.
With openssh-6.8p1-8 on Fedora 22, the PAM module's own prompt is visible.
With openssh-7.1p2-3 on Fedora 23, this prompt is replaced with ssh's own prompt, with the generated password of the day still works.
Version-Release number of selected component (if applicable):
$ rpm -q openssh
Steps to Reproduce:
The custom prompt is replaced with the stock ssh prompt but login is allowed with the PAM module's generated password.
The PAM module's own prompt should be shown when it gets activated during the authentication process.
Most probably your configuration just changed from keyboard-interactive authentication to regular password authentication which is (and always was) the default on Fedora.
Just verify that you have ChallengeResponseAuthentication set to 'yes' and PasswordAuthentication set to 'no' in the sshd_config.
Thank you, these settings helped.