oath-toolkit-help

pam_oath/sshd debug logging on Debian 10


From: Felix Natter
Subject: pam_oath/sshd debug logging on Debian 10
Date: Sun, 16 May 2021 20:17:09 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

hello oath-toolkit-help,

I am trying to use pam_oath.so on Debian 10 for SSH access:

ii  liboath0       2.6.1-1.3          amd64        OATH Toolkit Liboath library
ii  libpam-oath    2.6.1-1.3          amd64        OATH Toolkit libpam_oath PAM module
ii  oathtool       2.6.1-1.3          amd64        OATH Toolkit oathtool command line tool
ii  openssh-server 1:7.9p1-10+deb10u2 amd64        secure shell (SSH) server, for secure access from remote machines

/etc/ssh/sshd_config:
ChallengeResponseAuthentication yes
UsePAM yes
match group sudo
   PubkeyAuthentication yes
   PasswordAuthentication yes
   AuthenticationMethods keyboard-interactive

Prepended to /etc/pam.d/ssh:
auth sufficient pam_oath.so debug usersfile=/etc/users.oauth window=10 digits=6 verbose=1
#auth [success=ok new_authtok_reqd=ok default=die] pam_oath.so debug usersfile=/etc/users.oauth window=10 digits=6

/etc/users.oath:
HOTP felix - 00

(this user is in the sudo group)

I am using a zero key, because according to the documentation [1], this
causes the first OTP to be 328482 (for simplicity, no
FreeOTP/authenticator involved).

[1] https://www.nongnu.org/oath-toolkit/pam_oath.html

Despite the debug flag for pam_oath.so, the only thing I see in
/var/log/auth.log is this:

May 16 19:46:36 delllaptop sshd[1380]: error: PAM: Authentication failure for felix from 192.168.178.21
May 16 19:46:37 delllaptop sshd[1380]: error: PAM: Authentication failure for felix from 192.168.178.21
May 16 19:46:38 delllaptop sshd[1380]: error: PAM: Authentication failure for felix from 192.168.178.21

/var/log/debug contains mostly kernel- and no PAM-messages. There is
also no PAM[-oath] logging on the client (I entered "328482" 3x):

$ ssh dellnotebook
One-time password (OATH) for `felix': 
One-time password (OATH) for `felix': 
One-time password (OATH) for `felix': 
felix@dellnotebook: Permission denied (keyboard-interactive).

So how can I configure debug logging to find out what the problem is?

Many Thanks! Best Regards,
-- 
Felix Natter
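
Added example (not part of the original message and not OATH Toolkit code): an offline check of the inputs quoted above. It recomputes the HOTP values that should be accepted for the `HOTP felix - 00` entry and compares the `usersfile=` path on the PAM line with the name of the file that holds the entry. The helper names are hypothetical, only fresh entries without stored counter state are handled, and the `window=` look-ahead is modelled as counter 0 through `window`, which is an assumption.

```python
import hashlib
import hmac
import struct

def hotp(key_hex, counter, digits=6):
    """RFC 4226 HOTP for a hex-encoded secret, as stored in a pam_oath usersfile."""
    mac = hmac.new(bytes.fromhex(key_hex), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def parse_pam_options(line):
    """Return the key=value arguments that follow pam_oath.so on a PAM line."""
    args = line.split("pam_oath.so", 1)[1].split()
    return dict(a.split("=", 1) for a in args if "=" in a)

def parse_usersfile(text):
    """Map user -> hex secret for fresh 'HOTP user pin secret' entries."""
    users = {}
    for raw in text.splitlines():
        f = raw.split()
        # Entries that already carry counter/last-OTP/timestamp state are skipped here.
        if len(f) == 4 and f[0] == "HOTP":
            users[f[1]] = f[3]
    return users

def diagnose(pam_line, usersfile_path, usersfile_text, user, otp):
    """Return a list of human-readable findings; an empty list means the inputs agree."""
    opts = parse_pam_options(pam_line)
    findings = []
    if opts.get("usersfile") != usersfile_path:
        findings.append(f"PAM reads {opts.get('usersfile')}, entry is in {usersfile_path}")
    key = parse_usersfile(usersfile_text).get(user)
    if key is None:
        return findings + [f"no fresh HOTP entry for {user}"]
    # Fallback values are assumptions; the PAM line in the message sets both options.
    digits, window = int(opts.get("digits", 6)), int(opts.get("window", 0))
    accepted = [hotp(key, c, digits) for c in range(window + 1)]
    if otp not in accepted:
        findings.append(f"{otp} is outside the accepted window {accepted}")
    return findings

# Values copied from the message above.
PAM_LINE = "auth sufficient pam_oath.so debug usersfile=/etc/users.oauth window=10 digits=6 verbose=1"
if __name__ == "__main__":
    print(diagnose(PAM_LINE, "/etc/users.oath", "HOTP felix - 00\n", "felix", "328482"))
```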
