# PAM configuration for HashiCorp vault-ssh-helper



## shadow_pudge_killer_2001 (Aug 12, 2021)

I need to use one-time passwords to login on my FreeBSD machine and password verification success:

```
Aug 12 15:29:03 host sshd[5466]: in openpam_dispatch(): /usr/lib/pam_exec.so.6: pam_sm_authenticate(): Success
Aug 12 15:29:03 host sshd[5464]: Accepted keyboard-interactive/pam for user from 127.0.0.1 port 21485 ssh2
```

But connection close immediately:

```
Connection to 127.0.0.1 closed by remote host.
Connection to 127.0.0.1 closed.
```

With this error in logs:

```
Aug 12 15:29:03 host sshd[5464]: in pam_vprompt(): entering
Aug 12 15:29:03 host sshd[5464]: in pam_get_item(): entering: PAM_CONV
Aug 12 15:29:03 host sshd[5464]: in pam_get_item(): returning PAM_SUCCESS
Aug 12 15:29:03 host sshd[5464]: in pam_vprompt(): returning PAM_CONV_ERR
Aug 12 15:29:03 host sshd[5464]: in pam_get_authtok(): returning PAM_CONV_ERR
Aug 12 15:29:03 host sshd[5464]: in _pam_exec(): pam_sm_setcred: pam_get_authtok(): Conversation failure
Aug 12 15:29:03 host sshd[5464]: in openpam_free_envlist(): entering
Aug 12 15:29:03 host sshd[5464]: in openpam_free_envlist(): returning
Aug 12 15:29:03 host sshd[5464]: in openpam_dispatch(): /usr/lib/pam_exec.so.6: pam_sm_setcred(): System error
Aug 12 15:29:03 host sshd[5464]: fatal: PAM: pam_setcred(): System error
```

My pam.d/sshd auth config:

```
auth            requisite       pam_exec.so             debug expose_authtok /usr/local/bin/vault-ssh-helper -config=/etc/vault-ssh-helper.d/config.hcl
auth            optional        pam_unix.so             use_first_pass
```

I really don't know what to do with pam_vprompt (). Can you help me???


----------

