Re: Password authentication fails

2021-07-28 Thread Dan Stromberg 
I didn't see a localoptions.h, but I made the corresponding changes in
default_options.h and ./configure --enable-pam, and now password
authentication is working.

Thanks!

On Tue, Jul 27, 2021 at 6:41 PM Matt Johnston  wrote:

> Hi Dan,
>
> MacOS uses PAM for password auth. As well as --enable-pam for
> configure it needs
>
> #define DROPBEAR_SVR_PASSWORD_AUTH 0
> #define DROPBEAR_SVR_PAM_AUTH 1
>
> in localoptions.h at build time.
>
> Not sure that Homebrew sets the localoptions.h
> https://github.com/Homebrew/linuxbrew-core/blob/master/Formula/dropbear.rb
>
> I've used Dropbear on 10.15 but haven't tried newer MacOS, laptop
> is out of updates. I don't know of anything that would break
> it though.
>
> Cheers,
> Matt
>
>
> On Tue, Jul 27, 2021 at 03:47:49PM -0700, Dan Stromberg wrote:
> > Hi people.
> >
> > I'm attempting to set up dropbear ssh on a mac, for testing something.
> >
> > For some reason, password authentication consistently fails for the
> account
> > I'm trying: testacct.  If I set up RSA authentication for testacct, that
> > works fine, but I need to use a password for the testing.
> >
> > I have OpenSSH set up and running on the same system, so I have dropbear
> on
> > an alternate port: tcp/.
> >
> > If I log into testacct with a password, on tcp/22 (that is, using
> OpenSSH),
> > things work fine.
> >
> > My dropbear invocation and messages look like:
> > $ /usr/local/sbin/dropbear -p 127.0.0.1: -E -R -F
> > cmd output started 2021 Tue Jul 27 03:41:43 PM PDT
> > [3228] Jul 27 15:41:43 Not backgrounding
> > [3237] Jul 27 15:41:47 Child connection from 127.0.0.1:53525
> > [3237] Jul 27 15:41:50 Bad password attempt for 'testacct' from
> > 127.0.0.1:53525
> > [3237] Jul 27 15:41:53 Bad password attempt for 'testacct' from
> > 127.0.0.1:53525
> > [3237] Jul 27 15:41:55 Exit before auth from <127.0.0.1:53525>: (user
> > 'testacct', 2 fails): Exited normally
> >
> > And from the clients I see:
> > $ ssh -p  testacct@127.0.0.1
> > testacct@127.0.0.1's password:
> > Permission denied, please try again.
> > testacct@127.0.0.1's password:
> > Permission denied, please try again.
> > testacct@127.0.0.1's password:
> >
> > $ dbclient -p  testacct@127.0.0.1
> > Host '127.0.0.1' is not in the trusted hosts file.
> > (ssh-ed25519 fingerprint sha1!!
> > 6f:b7:50:8c:82:87:ce:bf:cc:fd:e3:48:63:12:60:9d:39:17:e2:97)
> > Do you want to continue connecting? (y/n) y
> > testacct@127.0.0.1's password:
> > testacct@127.0.0.1's password:
> > testacct@127.0.0.1's password:
> >
> > What do I need to do to get dropbear server to allow password-based
> > authentication?
> >
> > BTW, I am using Dropbear v2020.81 from homebrew on macOS 11.5.1.
> >
> > Thanks!
>


-- 

Dan Stromberg | Senior Software Developer

Mobile +1.949-342-6502




** This email is confidential and is intended for the recipient(s)
addressed herein **

Re: Password authentication fails

2021-07-28 Thread Dan Stromberg 
On Tue, Jul 27, 2021 at 4:33 PM  wrote:

> Hello,
>
> Dan Stromberg  wrote:
> >
> >
> > Hi people.
> >
> > I'm attempting to set up dropbear ssh on a mac, for testing something.
> >
> > For some reason, password authentication consistently fails for the
> account I'm trying: testacct.  If I set up RSA authentication for testacct,
> that works fine, but I need to use a password for the testing.
>
> Do your account "testacct" have a very long password? ( > 100 characters)
>

No, it does not.

Thanks.

-- 

Dan Stromberg | Senior Software Developer

Mobile +1.949-342-6502




** This email is confidential and is intended for the recipient(s)
addressed herein **

Re: Password authentication fails

2021-07-27 Thread Matt Johnston 
Hi Dan,

MacOS uses PAM for password auth. As well as --enable-pam for
configure it needs

#define DROPBEAR_SVR_PASSWORD_AUTH 0
#define DROPBEAR_SVR_PAM_AUTH 1

in localoptions.h at build time. 

Not sure that Homebrew sets the localoptions.h
https://github.com/Homebrew/linuxbrew-core/blob/master/Formula/dropbear.rb

I've used Dropbear on 10.15 but haven't tried newer MacOS, laptop
is out of updates. I don't know of anything that would break
it though.

Cheers,
Matt


On Tue, Jul 27, 2021 at 03:47:49PM -0700, Dan Stromberg wrote:
> Hi people.
> 
> I'm attempting to set up dropbear ssh on a mac, for testing something.
> 
> For some reason, password authentication consistently fails for the account
> I'm trying: testacct.  If I set up RSA authentication for testacct, that
> works fine, but I need to use a password for the testing.
> 
> I have OpenSSH set up and running on the same system, so I have dropbear on
> an alternate port: tcp/.
> 
> If I log into testacct with a password, on tcp/22 (that is, using OpenSSH),
> things work fine.
> 
> My dropbear invocation and messages look like:
> $ /usr/local/sbin/dropbear -p 127.0.0.1: -E -R -F
> cmd output started 2021 Tue Jul 27 03:41:43 PM PDT
> [3228] Jul 27 15:41:43 Not backgrounding
> [3237] Jul 27 15:41:47 Child connection from 127.0.0.1:53525
> [3237] Jul 27 15:41:50 Bad password attempt for 'testacct' from
> 127.0.0.1:53525
> [3237] Jul 27 15:41:53 Bad password attempt for 'testacct' from
> 127.0.0.1:53525
> [3237] Jul 27 15:41:55 Exit before auth from <127.0.0.1:53525>: (user
> 'testacct', 2 fails): Exited normally
> 
> And from the clients I see:
> $ ssh -p  testacct@127.0.0.1
> testacct@127.0.0.1's password:
> Permission denied, please try again.
> testacct@127.0.0.1's password:
> Permission denied, please try again.
> testacct@127.0.0.1's password:
> 
> $ dbclient -p  testacct@127.0.0.1
> Host '127.0.0.1' is not in the trusted hosts file.
> (ssh-ed25519 fingerprint sha1!!
> 6f:b7:50:8c:82:87:ce:bf:cc:fd:e3:48:63:12:60:9d:39:17:e2:97)
> Do you want to continue connecting? (y/n) y
> testacct@127.0.0.1's password:
> testacct@127.0.0.1's password:
> testacct@127.0.0.1's password:
> 
> What do I need to do to get dropbear server to allow password-based
> authentication?
> 
> BTW, I am using Dropbear v2020.81 from homebrew on macOS 11.5.1.
> 
> Thanks!

Re: Password authentication fails

2021-07-27 Thread roytam 
Hello,

Dan Stromberg  wrote:
>
>
> Hi people.
>
> I'm attempting to set up dropbear ssh on a mac, for testing something.
>
> For some reason, password authentication consistently fails for the account 
> I'm trying: testacct.  If I set up RSA authentication for testacct, that 
> works fine, but I need to use a password for the testing.

Do your account "testacct" have a very long password? ( > 100 characters)

>
> I have OpenSSH set up and running on the same system, so I have dropbear on 
> an alternate port: tcp/.
>
> If I log into testacct with a password, on tcp/22 (that is, using OpenSSH), 
> things work fine.
>
> My dropbear invocation and messages look like:
> $ /usr/local/sbin/dropbear -p 127.0.0.1: -E -R -F
> cmd output started 2021 Tue Jul 27 03:41:43 PM PDT
> [3228] Jul 27 15:41:43 Not backgrounding
> [3237] Jul 27 15:41:47 Child connection from 127.0.0.1:53525
> [3237] Jul 27 15:41:50 Bad password attempt for 'testacct' from 
> 127.0.0.1:53525
> [3237] Jul 27 15:41:53 Bad password attempt for 'testacct' from 
> 127.0.0.1:53525
> [3237] Jul 27 15:41:55 Exit before auth from <127.0.0.1:53525>: (user 
> 'testacct', 2 fails): Exited normally
>
> And from the clients I see:
> $ ssh -p  testacct@127.0.0.1
> testacct@127.0.0.1's password:
> Permission denied, please try again.
> testacct@127.0.0.1's password:
> Permission denied, please try again.
> testacct@127.0.0.1's password:
>
> $ dbclient -p  testacct@127.0.0.1
> Host '127.0.0.1' is not in the trusted hosts file.
> (ssh-ed25519 fingerprint sha1!! 
> 6f:b7:50:8c:82:87:ce:bf:cc:fd:e3:48:63:12:60:9d:39:17:e2:97)
> Do you want to continue connecting? (y/n) y
> testacct@127.0.0.1's password:
> testacct@127.0.0.1's password:
> testacct@127.0.0.1's password:
>
> What do I need to do to get dropbear server to allow password-based 
> authentication?
>
> BTW, I am using Dropbear v2020.81 from homebrew on macOS 11.5.1.
>
> Thanks!
>