PAM configuration for HashiCorp vault-ssh-helper

shadow_pudge_killer_2001

New Member


Messages: 1

I need to use one-time passwords to login on my FreeBSD machine and password verification success:
Code:
Aug 12 15:29:03 host sshd[5466]: in openpam_dispatch(): /usr/lib/pam_exec.so.6: pam_sm_authenticate(): Success
Aug 12 15:29:03 host sshd[5464]: Accepted keyboard-interactive/pam for user from 127.0.0.1 port 21485 ssh2

But connection close immediately:
Code:
Connection to 127.0.0.1 closed by remote host.
Connection to 127.0.0.1 closed.

With this error in logs:
Code:
Aug 12 15:29:03 host sshd[5464]: in pam_vprompt(): entering
Aug 12 15:29:03 host sshd[5464]: in pam_get_item(): entering: PAM_CONV
Aug 12 15:29:03 host sshd[5464]: in pam_get_item(): returning PAM_SUCCESS
Aug 12 15:29:03 host sshd[5464]: in pam_vprompt(): returning PAM_CONV_ERR
Aug 12 15:29:03 host sshd[5464]: in pam_get_authtok(): returning PAM_CONV_ERR
Aug 12 15:29:03 host sshd[5464]: in _pam_exec(): pam_sm_setcred: pam_get_authtok(): Conversation failure
Aug 12 15:29:03 host sshd[5464]: in openpam_free_envlist(): entering
Aug 12 15:29:03 host sshd[5464]: in openpam_free_envlist(): returning
Aug 12 15:29:03 host sshd[5464]: in openpam_dispatch(): /usr/lib/pam_exec.so.6: pam_sm_setcred(): System error
Aug 12 15:29:03 host sshd[5464]: fatal: PAM: pam_setcred(): System error

My pam.d/sshd auth config:
Code:
auth            requisite       pam_exec.so             debug expose_authtok /usr/local/bin/vault-ssh-helper -config=/etc/vault-ssh-helper.d/config.hcl
auth            optional        pam_unix.so             use_first_pass

I really don't know what to do with pam_vprompt (). Can you help me???
 
Top