Solved Unable to login

[balanga]

On one system when I try to login, I am greeted with

SSH passphrase:

I don't know where this comes from or how to get round it.

Help!

Fortunately, I have NFSD running so can mount the partition and see what is on it. I'm also able to ssh into it without this error.

 

[cmoerz]

What exactly are you doing before you get this message? Are you logging in on the console, via ssh, telnet, ...?

 

[balanga]

What exactly are you doing before you get this message? Are you logging in on the console, via ssh, telnet, ...?

It's a straight forward boot up from the FreeBSD boot menu. The system boots up normally and gets as far as the login prompt. I enter root which is followed by

SSH passphrase:

I just discovered I can both mount the filesystem over NFS and log in normally via ssh. I discovered earlier that the system was originally mounted readonly and haven't yet worked out how that came about.

I've never seen anything like this before and have no idea where to look.

I suspect it may have something to do with setting the password wrongly, BICBW.

 

[cmoerz]

That is weird. Maybe you want to check your /etc/pam.d/login and /etc/ttys if there's anything weird going on? I'd also recommend checking your .shrc or what have you shell init script.

I assume your root account does have a password?

 

[balanga]

cat login:-

#
# PAM configuration for the "login" service
#

# auth
auth        sufficient    pam_self.so        no_warn
auth        include        system

# account
account        requisite    pam_securetty.so
account        required    pam_nologin.so
account        include        system

# session
session        include        system

# password
password    include        system

~/.shrc is standard

I do have a password, but it's blank.

When booting into single user mode from the boot menu and running mount, it shows that my system is read-only. I can't work out how this is configured as such.

 

[T-Aoki]

When booting into single user mode from the boot menu and running mount, it shows that my system is read-only. I can't work out how this is configured as such.

You need mount -uw / first to remount / as read-write.

Then, mount partitions what you want, usually all.
For Root-on-ZFS, zfs mount -a.
If not (UFS), mount -a here instead.

Edit:
Not atually checked, but no (blank) root password could causing this.
Or just need allow_root option for pam_self(8).
Doesn' it? Does someone have any knowledge?
Anyway, blank root password should be strongly discouraged.

 

[junkyalleycat]


drew@polaris /usr/src $ grep 'SSH passphrase:' * -rn
crypto/openssh/contrib/gnome-ssh-askpass1.c:166: message = "Enter your OpenSSH passphrase:";
crypto/openssh/contrib/gnome-ssh-askpass3.c:290: message = g_strdup("Enter your OpenSSH passphrase:");
crypto/openssh/contrib/gnome-ssh-askpass2.c:326: message = g_strdup("Enter your OpenSSH passphrase:");
lib/libpam/modules/pam_ssh/pam_ssh.c:75:static const char *pam_ssh_prompt = "SSH passphrase: ";


It seems likely that you have the ssh pam module in your auth chain, it's used to authenticate using an ssh private key passphrase. Maybe grep for "pam_ssh" in your /etc/pam.d and /usr/local/etc/pam.d directories (like cmoerz suggested) to see what systems are using it. You might receive several matches as the default base pam config contains it, but the default base has them all commented out. Find where it isn't commented out.

 

[balanga]

It seems likely that you have the ssh pam module in your auth chain, it's used to authenticate using an ssh private key passphrase. Maybe grep for "pam_ssh" in your /etc/pam.d and /usr/local/etc/pam.d directories (like cmoerz suggested) to see what systems are using it. You might receive several matches as the default base pam config contains it, but the default base has them all commented out. Find where it isn't commented out.

Many thanks for this!!!!

Here's my amended file:

cat /etc/pam.d/system:-

#
#
# System-wide defaults
#

# auth
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
auth            sufficient      pam_ssh.so              no_warn try_first_pass nullok
#auth           required        pam_unix.so             no_warn try_first_pass nullok

I was trying to figure out how to allow a null password, although I don't really understand how this works, but it obviously isn't as I expected.

Restoring the original file allowed me to login without needing to reboot. So, once again many thanks.

 

[balanga]

You need mount -uw / first to remount / as read-write.

Then, mount partitions what you want, usually all.
For Root-on-ZFS, zfs mount -a.
If not (UFS), mount -a here instead.

I figured out how to mount as read-write, but don't really understand how the read only status took effect.

Edit:
Not atually checked, but no (blank) root password could causing this.
Or just need allow_root option for pam_self(8).
Doesn' it? Does someone have any knowledge?
Anyway, blank root password should be strongly discouraged.

It's my own system, and it's convenient for me to have a blank password. I'm prepared to accept any security risks.

 

[Cath O'Deray]

how the read only status took effect.

It's by design with single user mode.

init(8)

<https://docs.freebsd.org/en/books/handbook/book/#boot-singleuser>