LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 11-06-2012, 06:44 AM   #1
gurunarayanan
LQ Newbie
 
Registered: Aug 2012
Posts: 7

Rep: Reputation: Disabled
Passwordless ssh works. Normal login/ssh Fails.


Hi,
I have RHEL vms. Everything used to work fine. But suddenly, i see that i am not able to ssh into the vm. It says Permission denied. i know that i am giving the correct password. So, i tried logging in through console, that also failed.
I have another VM from which i had configured passwordless ssh to this one. So, i try ssh from that machine. This works. So, i logged in to the machine this way and changed passwd (thinking somebody might have changed password), but logging in with new password also fails. I tried changing password from single user mode, again, the new password didnt work.
Passwordless ssh (using public key) works though. Can somebody help me in figuring out what went wrong?

Regards,
Guru
 
Old 11-06-2012, 07:24 AM   #2
mandyapenguin
Member
 
Registered: Nov 2011
Location: India
Distribution: RedHat, Cent OS, Fedora, Debian, Ubuntu
Posts: 106

Rep: Reputation: Disabled
In server make sure whether password is not locked for this user using
Code:
passwd -S username
as root user.
If you find as "L" or "LK" in the 2nd field from the above command's output then password for this user is locked. To unlock the password run
Code:
passwd -u username
 
Old 11-06-2012, 07:39 AM   #3
gurunarayanan
LQ Newbie
 
Registered: Aug 2012
Posts: 7

Original Poster
Rep: Reputation: Disabled
Thanks for ofering help. But it didn't work.
When i give passwd -S root, the ouput is
root PS 2012-11-06 0 99999 7 -1 (Password set, MD5 crypt.)
(No L or LK). Nevertheless i proceeded and gave passwd -u root.
Unlocking password for user root.
passwd: Success.

But still i am not able to login by entering password. ( I even tried giving "Success." as password)..
 
Old 11-06-2012, 08:03 AM   #4
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Rep: Reputation: 285Reputation: 285Reputation: 285
Did you make any changes in /etc/ssh/sshd_config file? In this file, once check the value of PermitRootLogin. It must be set to "yes", else root will not be allowed to login through ssh.
 
Old 11-06-2012, 08:19 AM   #5
gurunarayanan
LQ Newbie
 
Registered: Aug 2012
Posts: 7

Original Poster
Rep: Reputation: Disabled
No, I didn't change anything there. And PermitRootLogin is Yes. I checked /etc/hosts.allow /etc/hosts.deny. Both files don't have any entries. selinux is disabled, and iptables is off.

The following is the content of sshd_config. I don's see anything strange here. Please check if something falls in your eyes.
#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
 
Old 11-06-2012, 10:05 AM   #6
mandyapenguin
Member
 
Registered: Nov 2011
Location: India
Distribution: RedHat, Cent OS, Fedora, Debian, Ubuntu
Posts: 106

Rep: Reputation: Disabled
Checked by adding your configurations to /etc/ssh/sshd_config file and found it is working fine. So can you just do
Code:
service sshd restart
and recheck it again?
 
Old 11-07-2012, 12:30 PM   #7
gurunarayanan
LQ Newbie
 
Registered: Aug 2012
Posts: 7

Original Poster
Rep: Reputation: Disabled
Sorry for the late reply. i had actually given up on this. i had restarted the service several times. Nothing seems to work.
 
Old 11-08-2012, 02:46 AM   #8
mandyapenguin
Member
 
Registered: Nov 2011
Location: India
Distribution: RedHat, Cent OS, Fedora, Debian, Ubuntu
Posts: 106

Rep: Reputation: Disabled
Quote:
I have RHEL vms. Everything used to work fine. But suddenly, i see that i am not able to ssh into the vm.It says Permission denied. i know that i am giving the correct password. So, i tried logging in through console, that also failed.
Are you able to login to ssh server using other username of ssh server?
Can you create one more account in the same VM(ssh client PC), and try to login by providing root's password of remote PC using this new user, and ensure that you can login to that?

I don't know your current network setup in VMs i.e NAT, Bridged, Host only etc.
Are both IPs in the same network and able to ping from both side?
And also I don't know that how many interface you have connected in VMs. check which interface is connected using
Code:
mii-tool
command, then you may get output like below
Code:
eth0: negotiated 100baseTx-FD flow-control, link ok
eth3: no link
Then make sure whether connected interface IP is correct.

Are you able to login locally in ssh server itself?
Code:
ssh root@localhost
Quote:
I have another VM from which i had configured passwordless ssh to this one. So, i try ssh from that machine. This works.
Can you create one more account in that VM(ssh client PC), and try to login by providing root's password of remote PC using that new user, and ensure that you can login to that?
Can you post the below command's output of ssh server
Code:
sestatus
service iptables status
iptables -L
netstat -ntuelp | grep ssh

Last edited by mandyapenguin; 11-08-2012 at 02:48 AM.
 
Old 11-08-2012, 05:03 AM   #9
gurunarayanan
LQ Newbie
 
Registered: Aug 2012
Posts: 7

Original Poster
Rep: Reputation: Disabled
It has got nothing to do with network. Not even firewall. Something on the paswword authentication is screwed. I am not able to login using any user. or from the same user to itself. however, if i configure passwordless ssh, all works.(from same-machine/different machine)
 
Old 11-08-2012, 05:42 AM   #10
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,797
Blog Entries: 4

Rep: Reputation: 285Reputation: 285Reputation: 285
Quote:
Originally Posted by gurunarayanan View Post
It has got nothing to do with network. Not even firewall. Something on the paswword authentication is screwed. I am not able to login using any user. or from the same user to itself. however, if i configure passwordless ssh, all works.(from same-machine/different machine)
Once look into the /etc/shadow file on system in which you're trying to login. Second field of this file, against every username, contains encrypted password for it's corresponding username. So if there's really some pb with password, then shadow file's second field will look wierd (containing a long string of unusual dizzy character). And if it is, then manually edit the /etc/shadow file and remove it's second field for affected accounts & left the 2nd i.e. password field empty. Then again change the password using "passwd <username>" command and try to login into that machine from some remote machine using new password. Hope it will help!
 
  


Reply

Tags
permission denied


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH passwordless login fails at send_pubkey_test HGScherneck Linux - Software 7 01-20-2012 11:01 AM
Passwordless SSH login triley Linux - General 3 11-14-2008 04:07 PM
Passwordless SSH works... but not with a command Zxian Linux - Networking 5 05-23-2008 04:59 PM
passwordless SSH works for root but not www-data zovres Linux - General 1 07-26-2006 12:31 PM
Passwordless SSH with SSH commercial server and open ssh cereal83 Linux - General 7 04-18-2006 01:34 PM


All times are GMT -5. The time now is 04:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration