-
Title
When logging in with ssh custom prompt does not show up correctly -
Description
After setting a custom prompts such as prompt-vas-ad-pw = "Enter your Windows password: " in the vas.conf file or in a group policy, the correct prompt is not displayed when logging in with ssh.
This also applies to the prompt-local-pw and prompt-vas-ad-disauth-pwcache options.
-
Cause
CAUSE 1:
The version of ssh is not compiled with pam.
CAUSE 2:
SSH Configuration issue
CAUSE 3:
AIX operating system configuration issue
CAUSE 4:
SSH1 does not support "keyboard-interactive" sessions. This is a requirement for SSH to show custom prompts. -
Resolution
RESOLUTION 1:
To check if ssh is compiled with pam run the following command:
ldd /usr/local/sbin/sshd | grep -i pamIf it show pam libraries file than the version is compiled with pam.
1 - Install version of ssh that is compiled with PAM
RESOLUTIONS 2:
1 - Edit the sshd_config file
2 - Change the config to include "ChallengeResponseAuthentication yes"
3 - Ensure UsePAM is set to yes
3 - Restart sshd
RESOLUTION 3:
If on the AIX operating system, in order to see the custom prompts you must be using PAM authentication. To check what method of authentication the system is setup to use view the login.cfg file. If auth_type = STD_AUTH the system is using LAM.
1 - Edit the login.cfg file
2 - Change the auth_type = PAM_AUTH
3 - Reboot
RESOLUTION 4:
Force the SSH client and/or server to only use SSH2. This is also recommended as a security measure.
1 - To force SSH2 on the server, modify the relevant sshd_config file, and add/modify the following line:Protocol 2 -
Additional Information
This can also be caused by using password authentication instead of keyboard-interactive. Password does not support custom prompts form PAM, while keyboard-interactive does.