# ssh problem

## Net_Spy

Greetings to All

  Im having a problem with ssh.i just turn on default setting by uncomiting port 22 and protocole and usepam yes setting.when i star the service i get this message

```

/etc/ssh/sshd_config line 81: unsupported option UsePam

```

but service started,and i logged in using putter from my windows machine to my gentoo.but i can not logged in using winscp 

im getting 

```

Authentication log (see session log for details):

Using username "root".

No supported authentication methods left to try!

Authentication failed.

```

looking forward for your kind response.

 Regards

  Net_Spy

----------

## elgato319

Is net-misc/openssh compiled with the use-flag "pam" ?

check with:

```

emerge -vp net-misc/openssh

```

enable and recompile with:

```

USE="pam" emerge net-misc/openssh

```

you can also add the use flag into your /etc/make.conf or use /etc/portage/package.use

USE flags:

http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2

----------

## Net_Spy

ive set the use flag of "pam"  re-emerge the package of openssh but still the same error of 

[code]

/etc/ssh/sshd_config line 81: Unsupported option UsePAM

[/]code]

looking forwartd for your kind response.

 Regards

  Net_Spy

----------

## elgato319

found something:

https://forums.gentoo.org/viewtopic-t-368989-view-next.html?sid=4c6409f86c9a89834e6b3a59ab7124c2

translation:

 *Quote:*   

> 
> 
> Problem has been fixed. "static" must not be enabled in package.use
> 
> 

 

----------

## phajdan.jr

Just a note: using USE="..." emerge something is not a good practice. It's much better to use package.use instead (you can use tolls like flagedit to ease this task). Otherwise if you forget to enable same USE flags on the next merge of this package you risk losing some functionality or other trouble.

----------

## Net_Spy

thanks for your reply,but it didnt help me 

 well me make.cong flags are

```
 X gnome qt3 qt4 cdr dvd alsa pam 
```

i dont whats wrong with it.looking forward for your kind response.

 Regards 

  Net_Spy

----------

## phajdan.jr

Well, it was a note about using USE env var in a commandline call of emerge. It has nothing to do with flags you have in configuration files.

About the problem - well, can you post output of 'emerge -pv openssh', as well as 'emerge -pv sys-libs/pam', as well as sshd_conf, after making sure that dynamic linking is ok on your system by running revdep-rebuild?

----------

## Net_Spy

well here is the out put of 

```

emerge -pv sys-libs/pam

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] sys-libs/pam-0.78-r5  USE="berkdb -nis -pam_chroot -pam_console -pam_timestamp -pwdb (-selinux)" 90 kB 

Total: 1 package (1 reinstall), Size of downloads: 90 kB

```

```

emerge -pv openssh

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] net-misc/openssh-4.6_p1-r2  USE="X pam tcpd -X509 -chroot -hpn -kerberos -ldap -libedit (-selinux) -skey -smartcard -static*" 0 kB 

Total: 1 package (1 reinstall), Size of downloads: 0 kB

```

```

cat /etc/ssh/sshd_config       

#       $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $

# This is the sshd server system-wide configuration file.  See

# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented.  Uncommented options change a

# default value.

Port 10022

Protocol 2

#AddressFamily any

#ListenAddress 0.0.0.0

#ListenAddress ::

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 768

# Logging

# obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

#LogLevel INFO

# Authentication:

#LoginGraceTime 2m

#PermitRootLogin yes

#StrictModes yes

#MaxAuthTries 6

#RSAAuthentication yes

#PubkeyAuthentication yes

#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!

PasswordAuthentication no

#PermitEmptyPasswords no

# Change to no to disable s/key passwords

ChallengeResponseAuthentication no

# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing, 

# and session processing. If this is enabled, PAM authentication will 

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication.  Depending on your PAM configuration,

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

UsePAM yes

#AllowTcpForwarding yes

#GatewayPorts no

#X11Forwarding no

#X11DisplayOffset 10

#X11UseLocalhost yes

#PrintMotd yes

#PrintLastLog yes

#TCPKeepAlive yes

#UseLogin no

#UsePrivilegeSeparation yes

#PermitUserEnvironment no

#Compression delayed

#ClientAliveInterval 0

#ClientAliveCountMax 3

#UseDNS yes

#PidFile /var/run/sshd.pid

#MaxStartups 10

#PermitTunnel no

# no default banner path

#Banner /some/path

# override default of no subsystems

Subsystem       sftp    /usr/lib/misc/sftp-server

# Example of overriding settings on a per-user basis

#Match User anoncvs

#       X11Forwarding no

#       AllowTcpForwarding no

#       ForceCommand cvs server

```

and revdep-rebuild doesnt work.looking forward for your kind response.

Regards

  Net_Spy

----------

## phajdan.jr

You see, someone posted that the "static" USEflag may be a problem. Well, your openssh is still compiled with static, and your change just didn't take effect. Re-emerge openssh and this should fix your problem, and remember that after changing USEflags you have to run emerge --newuse --update --deep world.

----------

## Net_Spy

Greetings

  thanks issue is solved.I unmerged the package and remerged it.

 Regards

   Net_Spy

----------

