ssh login fails for user with empty password
Posted
by
Reid
on Server Fault
See other posts from Server Fault
or by Reid
Published on 2012-11-05T15:45:15Z
Indexed on
2012/11/05
17:03 UTC
Read the original article
Hit count: 273
How do you enable ssh login on OS X 10.8 (Mountain Lion) for a user with an empty password? I've seen others asking this question, and like me it's for the same reason: a parent who can't deal with passwords. So "set a password" is not an option.
I found references to adding "nullok" to various PAM config files. Didn't work. Found sshd config "PermitEmptyPasswords yes". Didn't work.
I've done a diff on "ssh -vvv" between a successful ssh with a password-enabled account and the one with no password.
54,55c54,55
< debug2: dh_gen_key: priv key bits set: 133/256
< debug2: bits set: 533/1024
---
> debug2: dh_gen_key: priv key bits set: 140/256
> debug2: bits set: 508/1024
67c67
< debug2: bits set: 509/1024
---
> debug2: bits set: 516/1024
79c79
< debug2: key: /Users/rae/.ssh/rae (0x7f9a0241e2c0)
---
> debug2: key: /Users/rae/.ssh/rae (0x7f81e0c1e2c0)
90,116c90,224
< debug1: Authentications that can continue: publickey,keyboard-interactive
< debug2: we did not send a packet, disable method
< debug3: authmethod_lookup keyboard-interactive
< debug3: remaining preferred: password
< debug3: authmethod_is_enabled keyboard-interactive
< debug1: Next authentication method: keyboard-interactive
< debug2: userauth_kbdint
< debug2: we sent a keyboard-interactive packet, wait for reply
< debug2: input_userauth_info_req
< debug2: input_userauth_info_req: num_prompts 1
< debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
< debug1: Authentications that can continue: publickey,keyboard-interactive
< debug2: userauth_kbdint
< debug2: we sent a keyboard-interactive packet, wait for reply
< debug2: input_userauth_info_req
< debug2: input_userauth_info_req: num_prompts 1
< debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
< debug1: Authentications that can continue: publickey,keyboard-interactive
< debug2: userauth_kbdint
< debug2: we sent a keyboard-interactive packet, wait for reply
< debug2: input_userauth_info_req
< debug2: input_userauth_info_req: num_prompts 1
< debug3: packet_send2: adding 32 (len 14 padlen 18 extra_pad 64)
< debug1: Authentications that can continue: publickey,keyboard-interactive
< debug2: we did not send a packet, disable method
< debug1: No more authentication methods to try.
< Permission denied (publickey,keyboard-interactive).
---
> debug1: Server accepts key: pkalg ssh-dss blen 433
> debug2: input_userauth_pk_ok: fp 6e:02:20:63:48:6a:08:99:b8:5f:12:d8:d5:3d:e1:fb
> debug3: sign_and_send_pubkey: DSA 6e:02:20:63:48:6a:08:99:b8:5f:12:d8:d5:3d:e1:fb
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> Authenticated to cme-mini.local ([192.168.1.5]:22).
> debug2: fd 7 setting O_NONBLOCK
> debug3: fd 8 is O_NONBLOCK
> debug1: channel 0: new [client-session]
> debug3: ssh_session2_open: channel_new: 0
> debug2: channel 0: send open
> debug1: Requesting [email protected]
> debug1: Entering interactive session.
> debug2: callback start
> debug2: client_session2_setup: id 0
> debug2: fd 5 setting TCP_NODELAY
> debug2: channel 0: request pty-req confirm 1
> debug1: Sending environment.
© Server Fault or respective owner
