Hello, i am using openssh 4.3
Connecting raw to the server i get this header
"SSH-1.5-OpenSSH_4.3"

I built from source using the default options; configure, make and make
install.

The following is my sshd_config:

Port 22
Protocol 2,1
HostKey /usr/local/etc/ssh_host_key
StrictModes yes
MaxAuthTries 6
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
UseLogin no
UsePrivilegeSeparation yes
PermitUserEnvironment no

My goal using this config mainly is to have it so a user must have a copy of
the private key, and their public key must be in the authorized_keys file
for that user.



What i would also like to do is have a passphrase for the private key. When
i do so with ssh-keygen, sshd wont load. a "cant load key" type of message
is given.

Secondly, if the user has the private key, and their public key is in the
authorized_key file, i would like sshd to then further authenticate with the
users local password. How can i make it so that PKA, passphrase and
password authentication both take place?

Currently with this config, when the user connects, the client tries PKA. if
successful, they are dropped to a shell. If PKA is not successful, they are
given a password prompt, to which the correct user password does not
succeed. I want to add a passphrase, and also require password
authentication following the PKA.


I created my public/private keys using this:
ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N "passphrase"

However, adding a passphrase to the private key causes sshd's failure to
load. Leaving it null causes sshd to load.