# [SOLVED] pam_mount failing via ssh: Conversation error_

## Massimo B.

Recently I merged the latest pambase updates into my system-auth with pam_mount setting. Things began to fail like xdm and now ssh login:

```
Mon Feb 16 11:45:29 2015 >>> sys-auth/pambase-20150213
```

Now I have this merged result of the system-auth:

```
auth            required        pam_env.so 

auth            optional        pam_mount.so 

auth            required        pam_unix.so try_first_pass likeauth nullok 

auth            optional        pam_permit.so

account         required        pam_unix.so 

account         optional        pam_permit.so

password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 

password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow 

password        optional        pam_permit.so

session         required        pam_limits.so 

session         required        pam_env.so 

session         required        pam_unix.so 

session         optional        pam_permit.so

session         optional        pam_mount.so
```

Now I've seen ssh login does not work anymore:

```
Mar 02 13:35:31 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/91fc8930-02d1-449e-b645-648325004e6e failed_

Mar 02 13:35:31 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_

Mar 02 13:35:31 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_

Mar 02 13:35:31 [sshd] SSH: Server;Ltype: Kex;Remote: 192.168.42.106-35194;Enc: aes128-ctr;MAC: umac-64-etm@openssh.com;Comp: none

Mar 02 13:39:41 [1squashmount_flush] squashmount flush finished.

Mar 02 13:39:41 [fcron] Job run-parts /etc/cron.hourly terminated (exit status: 1)
```

Maybe these issues are related? What is wrong with that system-auth?

I even thought if I would need pam at all, but I guess using pam_mount I can't get around without pam?

As pam has changed in the years, is this old 2007 post still valid? linuxquestions.org...pam_mount-problems-in-ssh-on-gentoo-553741/..

Best regards,

Massimo

----------

## Massimo B.

Again encountering this issue, I find my own posts in the net, unanswered...

My current setup, working for local logins but pam_mount failing for ssh logins:

```
auth       include      system-remote-login

account    include      system-remote-login

password   include      system-remote-login

session    include      system-remote-login

```

```
auth            include         system-login

account         include         system-login

password        include         system-login

session         include         system-login

```

```

auth            required        pam_tally2.so onerr=succeed

auth            required        pam_shells.so 

auth            required        pam_nologin.so 

auth            include         system-auth

account         required        pam_access.so 

account         required        pam_nologin.so 

account         include         system-auth

account         required        pam_tally2.so onerr=succeed 

password        include         system-auth

session         optional        pam_loginuid.so

session         required        pam_env.so 

session         optional        pam_lastlog.so silent 

session         include         system-auth

session         optional        pam_ck_connector.so nox11

session         optional        pam_motd.so motd=/etc/motd

session         optional        pam_mail.so

```

```

auth            required        pam_env.so 

auth            optional        pam_mount.so 

auth            required        pam_unix.so try_first_pass likeauth nullok 

auth            optional        pam_permit.so

account         required        pam_unix.so 

account         optional        pam_permit.so

password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 

password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow 

password        optional        pam_permit.so

session         required        pam_limits.so 

session         required        pam_env.so 

session         required        pam_unix.so 

session         optional        pam_permit.so

session         optional        pam_mount.so

```

```
Oct 07 08:15:36 [sshd] Accepted publickey for massimo from 94.... port 37063 ssh2: RSA SHA256:QXc...

Oct 07 08:15:36 [sshd] pam_unix(sshd:session): session opened for user massimo by (uid=0)

Oct 07 08:15:36 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_

Oct 07 08:15:36 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_

Oct 07 08:15:38 [sshd] (mount.c:68): Messages from underlying mount program:_

Oct 07 08:15:38 [sshd] (mount.c:72): crypt_activate_by_passphrase: Operation not permitted_

Oct 07 08:15:38 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/cfd4... failed_

```

Any idea?

As for the linuxquestions links above, my includes are quite right, doing the same auths as the local login. And Kerberos I don't use afaik.

----------

## Massimo B.

Correction, I was using login by key, but also deleting the key on the target and entering pam_mount password, the log looks like this:

```

Oct 07 09:09:12 [sshd] Accepted keyboard-interactive/pam for massimo from 94... port 37277 ssh2

Oct 07 09:09:12 [sshd] pam_unix(sshd:session): session opened for user massimo by (uid=0)

Oct 07 09:09:12 [sshd] (pam_mount.c:173): conv->conv(...): Conversation error_

Oct 07 09:09:12 [sshd] (pam_mount.c:477): warning: could not obtain password interactively either_

Oct 07 09:09:14 [sshd] (mount.c:68): Messages from underlying mount program:_

Oct 07 09:09:14 [sshd] (mount.c:72): crypt_activate_by_passphrase: Operation not permitted_

Oct 07 09:09:14 [sshd] (pam_mount.c:522): mount of /dev/disk/by-uuid/cfd... failed_

Oct 07 09:09:16 [kernel]  sdb: unknown partition table

```

Login remote as user via SSH: $HOME is not mounted

su - to root and su - back to my user makes the $HOME mounted as real local logins.

----------

## Massimo B.

Working now with

```
ChallengeResponseAuthentication no
```

What does this "challenge-response authentication" mean for sshd any why does it forward the password to pam_mount only with that disabled?

EDIT: Answered in ../pam-mount/../bugs.txt

----------

