Password authentication fails
Hi people. I'm attempting to set up dropbear ssh on a mac, for testing something. For some reason, password authentication consistently fails for the account I'm trying: testacct. If I set up RSA authentication for testacct, that works fine, but I need to use a password for the testing. I have OpenSSH set up and running on the same system, so I have dropbear on an alternate port: tcp/. If I log into testacct with a password, on tcp/22 (that is, using OpenSSH), things work fine. My dropbear invocation and messages look like: $ /usr/local/sbin/dropbear -p 127.0.0.1: -E -R -F cmd output started 2021 Tue Jul 27 03:41:43 PM PDT [3228] Jul 27 15:41:43 Not backgrounding [3237] Jul 27 15:41:47 Child connection from 127.0.0.1:53525 [3237] Jul 27 15:41:50 Bad password attempt for 'testacct' from 127.0.0.1:53525 [3237] Jul 27 15:41:53 Bad password attempt for 'testacct' from 127.0.0.1:53525 [3237] Jul 27 15:41:55 Exit before auth from <127.0.0.1:53525>: (user 'testacct', 2 fails): Exited normally And from the clients I see: $ ssh -p testacct@127.0.0.1 testacct@127.0.0.1's password: Permission denied, please try again. testacct@127.0.0.1's password: Permission denied, please try again. testacct@127.0.0.1's password: $ dbclient -p testacct@127.0.0.1 Host '127.0.0.1' is not in the trusted hosts file. (ssh-ed25519 fingerprint sha1!! 6f:b7:50:8c:82:87:ce:bf:cc:fd:e3:48:63:12:60:9d:39:17:e2:97) Do you want to continue connecting? (y/n) y testacct@127.0.0.1's password: testacct@127.0.0.1's password: testacct@127.0.0.1's password: What do I need to do to get dropbear server to allow password-based authentication? BTW, I am using Dropbear v2020.81 from homebrew on macOS 11.5.1. Thanks!
Re: Password authentication fails
Hello, Dan Stromberg wrote: > > > Hi people. > > I'm attempting to set up dropbear ssh on a mac, for testing something. > > For some reason, password authentication consistently fails for the account > I'm trying: testacct. If I set up RSA authentication for testacct, that > works fine, but I need to use a password for the testing. Do your account "testacct" have a very long password? ( > 100 characters) > > I have OpenSSH set up and running on the same system, so I have dropbear on > an alternate port: tcp/. > > If I log into testacct with a password, on tcp/22 (that is, using OpenSSH), > things work fine. > > My dropbear invocation and messages look like: > $ /usr/local/sbin/dropbear -p 127.0.0.1: -E -R -F > cmd output started 2021 Tue Jul 27 03:41:43 PM PDT > [3228] Jul 27 15:41:43 Not backgrounding > [3237] Jul 27 15:41:47 Child connection from 127.0.0.1:53525 > [3237] Jul 27 15:41:50 Bad password attempt for 'testacct' from > 127.0.0.1:53525 > [3237] Jul 27 15:41:53 Bad password attempt for 'testacct' from > 127.0.0.1:53525 > [3237] Jul 27 15:41:55 Exit before auth from <127.0.0.1:53525>: (user > 'testacct', 2 fails): Exited normally > > And from the clients I see: > $ ssh -p testacct@127.0.0.1 > testacct@127.0.0.1's password: > Permission denied, please try again. > testacct@127.0.0.1's password: > Permission denied, please try again. > testacct@127.0.0.1's password: > > $ dbclient -p testacct@127.0.0.1 > Host '127.0.0.1' is not in the trusted hosts file. > (ssh-ed25519 fingerprint sha1!! > 6f:b7:50:8c:82:87:ce:bf:cc:fd:e3:48:63:12:60:9d:39:17:e2:97) > Do you want to continue connecting? (y/n) y > testacct@127.0.0.1's password: > testacct@127.0.0.1's password: > testacct@127.0.0.1's password: > > What do I need to do to get dropbear server to allow password-based > authentication? > > BTW, I am using Dropbear v2020.81 from homebrew on macOS 11.5.1. > > Thanks! >
Re: Password authentication fails
Hi Dan, MacOS uses PAM for password auth. As well as --enable-pam for configure it needs #define DROPBEAR_SVR_PASSWORD_AUTH 0 #define DROPBEAR_SVR_PAM_AUTH 1 in localoptions.h at build time. Not sure that Homebrew sets the localoptions.h https://github.com/Homebrew/linuxbrew-core/blob/master/Formula/dropbear.rb I've used Dropbear on 10.15 but haven't tried newer MacOS, laptop is out of updates. I don't know of anything that would break it though. Cheers, Matt On Tue, Jul 27, 2021 at 03:47:49PM -0700, Dan Stromberg wrote: > Hi people. > > I'm attempting to set up dropbear ssh on a mac, for testing something. > > For some reason, password authentication consistently fails for the account > I'm trying: testacct. If I set up RSA authentication for testacct, that > works fine, but I need to use a password for the testing. > > I have OpenSSH set up and running on the same system, so I have dropbear on > an alternate port: tcp/. > > If I log into testacct with a password, on tcp/22 (that is, using OpenSSH), > things work fine. > > My dropbear invocation and messages look like: > $ /usr/local/sbin/dropbear -p 127.0.0.1: -E -R -F > cmd output started 2021 Tue Jul 27 03:41:43 PM PDT > [3228] Jul 27 15:41:43 Not backgrounding > [3237] Jul 27 15:41:47 Child connection from 127.0.0.1:53525 > [3237] Jul 27 15:41:50 Bad password attempt for 'testacct' from > 127.0.0.1:53525 > [3237] Jul 27 15:41:53 Bad password attempt for 'testacct' from > 127.0.0.1:53525 > [3237] Jul 27 15:41:55 Exit before auth from <127.0.0.1:53525>: (user > 'testacct', 2 fails): Exited normally > > And from the clients I see: > $ ssh -p testacct@127.0.0.1 > testacct@127.0.0.1's password: > Permission denied, please try again. > testacct@127.0.0.1's password: > Permission denied, please try again. > testacct@127.0.0.1's password: > > $ dbclient -p testacct@127.0.0.1 > Host '127.0.0.1' is not in the trusted hosts file. > (ssh-ed25519 fingerprint sha1!! > 6f:b7:50:8c:82:87:ce:bf:cc:fd:e3:48:63:12:60:9d:39:17:e2:97) > Do you want to continue connecting? (y/n) y > testacct@127.0.0.1's password: > testacct@127.0.0.1's password: > testacct@127.0.0.1's password: > > What do I need to do to get dropbear server to allow password-based > authentication? > > BTW, I am using Dropbear v2020.81 from homebrew on macOS 11.5.1. > > Thanks!
