LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-04-2011, 07:47 AM   #1
bino25
Member
 
Registered: Dec 2010
Posts: 45

Rep: Reputation: 11
ssh access denied


Howdy all...

I am having a weird issue with ssh. I have a user trying to ssh via putty from a windows server. When he tries to use his account, he keeps getting access denied (I just created his). I temporarily changed my user account password just to have him try that and rule out putty, and he's able to connect with my id.

My hosts.allow and hosts.deny are empty. There is an AllowUsers entry in the sshd_config file which I added him to and restarted ssh (service sshd restart). He's still getting access denied with his account, but he can still log in with my user account.

I know we should be using key authentication, but I just started here and have not implemented that yet.

Any ideas on why I'm getting access denied for his user account?
 
Old 02-04-2011, 08:22 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,822

Rep: Reputation: 610Reputation: 610Reputation: 610Reputation: 610Reputation: 610Reputation: 610
What does your auth log say? (/var/log/secure or /var/log/auth*log)
 
Old 02-04-2011, 08:59 AM   #3
bino25
Member
 
Registered: Dec 2010
Posts: 45

Original Poster
Rep: Reputation: 11
secure log shows:

sshd[7638]: Failed password for jsmith from ::ffff:xxx.xx.xx.xx port 1055 ssh2 => I obviously x'd out the ip address and I'm definitely using the correct password


they don't have authlog enabled...
 
Old 02-04-2011, 09:17 AM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,528

Rep: Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899
In your ssh conf, try to comment out
Code:
AllowGroups users
AllowUsers username
Kind regards
 
Old 10-18-2011, 02:28 AM   #5
evilmegaman
LQ Newbie
 
Registered: Aug 2005
Location: Seattle, WA
Distribution: Desktop: Fedora, Server: Debian (stable)
Posts: 8

Rep: Reputation: 0
I'm having the EXACT same problem. commented out AllowUsers.. i've created and deleted multiple accounts, but only this one specific account is just flat out getting ACCESS DENIED every time. I'm so tired I've been working on this for hours Idk what to do. this post is kinda a placeholder for possible info by morning... if no response, I'll double post with some extra info too tired now though
 
Old 10-18-2011, 03:52 AM   #6
phaemon
Member
 
Registered: Jul 2011
Posts: 40

Rep: Reputation: 5
Perhaps try deleting the .ssh directory for that user and see if that fixes it. Otherwise, I assume ssh is checking the password against /etc/shadow so maybe see if that user has something different than the other users have?
 
Old 10-18-2011, 06:06 AM   #7
singhjc
Member
 
Registered: Nov 2010
Location: Moradabad
Distribution: Redhat,Centos
Posts: 31

Rep: Reputation: 1
hi have you checked by /etc/ssh/sshd_config in the bottom of this file there is a line like

RootPermitlogin no

line will be there if it is there then remove this line or comment # and after that restart service sshd and try to login
 
Old 10-18-2011, 07:02 AM   #8
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,194
Blog Entries: 4

Rep: Reputation: 221Reputation: 221Reputation: 221
Can you post your

Code:
/etc/ssh/sshd_confif

file
 
Old 10-18-2011, 11:10 AM   #9
evilmegaman
LQ Newbie
 
Registered: Aug 2005
Location: Seattle, WA
Distribution: Desktop: Fedora, Server: Debian (stable)
Posts: 8

Rep: Reputation: 0
I tried commenting out permitrootlogin... nada. Here's a run down of what it looks like to login as the different users(via any ssh client really, but in this case copying out of putty).
Quote:
login as: payton
Debian GNU/Linux 6.0 \n \l

suck my d and b
payton@192.168.0.6's password:
Access denied
payton@192.168.0.6's password:
Quote:
login as: robert
Debian GNU/Linux 6.0 \n \l

suck my d and b
robert@192.168.0.6's password:
Linux cary 2.6.32-5-686 #1 SMP Mon Oct 3 04:15:24 UTC 2011 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have mail.
Last login: Tue Oct 18 09:00:05 2011 from 192.168.0.2
robert@cary:~$
Quote:

login as: meowlie
Debian GNU/Linux 6.0 \n \l

suck my d and b
meowlie@192.168.0.6's password:
Linux cary 2.6.32-5-686 #1 SMP Mon Oct 3 04:15:24 UTC 2011 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Oct 18 08:57:04 2011 from 192.168.0.2
meowlie@cary:~$
Quote:
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
#PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#Allows specific users access. Comment if you want all users to access. bad idea
AllowUsers root robert meowlie payton

ClientAliveInterval 1200
ClientAliveCountMax 0

Banner /etc/issue

Last edited by evilmegaman; 10-18-2011 at 11:23 AM.
 
Old 10-19-2011, 04:48 AM   #10
phaemon
Member
 
Registered: Jul 2011
Posts: 40

Rep: Reputation: 5
Well, /etc/sshd_config looks OK, as it should since other users can log in OK.

Things to try:
Triple check the password is correct! Reset it to something and make sure you can log in directly on the server
There's something wrong in the .ssh folder: mv /home/payton/.ssh /home/payton/ssh_backup
Check /etc/passwd and /etc/shadow and see if there's any difference between the payton and robert accounts

Last edited by phaemon; 10-19-2011 at 04:50 AM. Reason: fixed spelling
 
Old 10-19-2011, 06:11 AM   #11
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,194
Blog Entries: 4

Rep: Reputation: 221Reputation: 221Reputation: 221
@reply
Code:
# Authentication:
LoginGraceTime 120
#PermitRootLogin no
StrictModes yes
just make an entry at the bottom of the above mentioned section
Code:
PermitRootLogin yes
--------------------------------------------------------------------

Code:
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
make a change in this entry only if you are using RSA security authentication to connect via ssh

Code:
IgnoreRhosts no
RhostsRSAAuthentication yes
IgnoreUserKnownHosts no

rest everything seems fine
just restart ssh and check..!!
 
Old 10-23-2011, 11:35 PM   #12
evilmegaman
LQ Newbie
 
Registered: Aug 2005
Location: Seattle, WA
Distribution: Desktop: Fedora, Server: Debian (stable)
Posts: 8

Rep: Reputation: 0
some malformed demon combination of those two methods seemed to do the trick. thanks!


adding the AllowGroups option stops sshd from working at all. just thought I'd mention..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh access denied putty IanVaughan Linux - Networking 7 10-15-2015 01:06 AM
Access Denied when connecting to centos VPS via SSH xezesis Linux - Server 4 04-18-2012 11:07 AM
SSH to fedora get access denied after typing in the password. sunskystar Linux - General 6 07-17-2008 10:53 PM
ssh access denied kokotx1981 Linux - Networking 3 01-28-2008 09:49 AM
SSH login ... access denied (suse 9.1) saxxon1 Linux - Networking 3 09-14-2004 02:34 PM


All times are GMT -5. The time now is 09:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration