I am changing the login authentication method from password to keyboard interactive for security purposes. I know this option is kind of add-on for ssh client programs; which explains the best info about option is in this link: User Authentication with Keyboard-Interactive
One of the servers is AIX; and althoguh I have done many combination it keeps giving me the error saying unable to authenticate using methods which includes keyboard-interactive.
1) The server is AIX5.3
2) ssh -v
OpenSSH_4.3p2, OpenSSL 0.9.7l 28 Sep 2006
3) no LDAP
4) no xml configuration file for ssh like ssh-server-config.xml; so no LAM
5) $OpenBSD: sshd_config,v 1.73
My configuration is basically as follows;
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
X11Forwarding yes
If there is anyone who can help me, it is appreciated. There may be a version supporting keyboard-interactive or a parameter that doesn't show up in man for sshd_config. Maybe, I should change ssh_config file which is all commented. There is /etc/pam.conf without any line with ssh-server-g3. Do u have any recommendation?
which effectively disables authentication by password (which is usually done interactively on a keyboard). Change that, restart the SSH server, and everything should work. Or, use the public key authentication that seems to be in place already.
If I set PasswordAuthentication yes; then it doesn't require interactive input. The SSH program that my friends use can save passwords; that is the main problem actually. Anyone access to their computer can login to any server they want without entering passwords which causes security problem. Linux servers became ok; after setting the parameter KbdInteractiveAuthentication which isn't in any sshd man. All sshd man look the same actually, i don't know why.
I can't see the way actually that the server could prevent the client from saving a password. If you use password and it's the same password each time I can't see a way to know the difference between entering it by user or by computer...
The client is bought many years ago; it has support for keyboard interactive. It can save password if the method is password authentication (for people who don't want to enter password every time just clicks that save option); but when it comes to keyboard interactive authentication, it doesn't have an option to save passwords. I want the client to ask for password for each login not to save them.
The other idea is to write a perl script that shows up a login screen and pass the username and password to the server. That is something that over my head.
Whatever, the problem isn't about it, I want to login to my aix server with keyboard interactive authentication method not password authentication method. What should I do for it? This is something easy; but I just couldn't figure it out.