LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-04-2012, 05:53 AM   #1
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Rep: Reputation: Disabled
ssh problems


Hi!

I'm totally new and at loss so I guess this is the right forum.

I have a netgear nas that I want to access with ssh.
If I do this:
Quote:
ssh root@nas
I get a password question and get in. Everything fine.
If I do this:
Quote:
ssh username@nas
I get the password question. If I answer with the wrong password it repeats. If I answer with the wight password I get:
Quote:
Last login:...
Linux Nas 2.6.37.6.RNx86_64.2.1 #1 SMP ...
Last login:...
Connection to nas closed.
I use git bash to connect.
I have tried using puttywith full log and get the message
Quote:
Server sent command exit status 1
Any ideas?
 
Old 09-04-2012, 06:51 AM   #2
torchnw
LQ Newbie
 
Registered: Jun 2008
Distribution: Ubuntu, Debian, Mint, Fedora, Arch
Posts: 23

Rep: Reputation: 4
On the NAS as root, try

Code:
grep username /etc/passwd
Output should be something like

Code:
username:x:500:500:Username:/home/username:/bin/bash
If the last part says something like /bin/false, it means the user is not associated with a login shell.
 
1 members found this post helpful.
Old 09-06-2012, 05:27 AM   #3
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi torchnw!

Thanks for your reply.
The output was
Quote:
username:x:101:100::/c/home/username:bin/false
So I used vi to edit /etc/passwd and changed /bin/false to /bin/bash

Now when I try to ssh I get
Quote:
Permission denied (publickey,password)
I have a certificate for my user. I have tried to
Quote:
scp ~/.ssh/id_rsa.pub username@nas:~
but this is denied with the same Permission denied (publickey,password) as above.(
If I do it for the root@nas I get to answer the passphrase of the certificate instead and can log in so I guess my certificate gets connected to the wrong user, root instead of username.
 
1 members found this post helpful.
Old 09-06-2012, 07:00 AM   #4
mandyapenguin
Member
 
Registered: Nov 2011
Location: India
Distribution: RedHat, Cent OS, Fedora, Debian, Ubuntu
Posts: 106

Rep: Reputation: Disabled
Make sure that whether password is not locked for this user.
Code:
passwd -S username
if the 2nd field of above command's output is L or LK then the password is locked for this user and there is no remote access using this username even this user's shell is /bin/bash.
Code:
username L 09/06/2012 0 99999 7 -1
So to unlock the password try
Code:
passwd -u username
Now you will be able to login using ssh username@nas command only if you provide correct password. If you are still getting the same error then you once reset the password for this user. And also check user's password expiry date, accout expirtion/inactive etc.. using
Code:
chage -l username

Last edited by mandyapenguin; 09-06-2012 at 07:03 AM.
 
Old 09-06-2012, 07:15 AM   #5
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
I tried some more:
Quote:
ssh -l root -v
...
debug1: Authentication that can continue: publickey,password
debug1: Next authentication method: public key
debug1: Trying private key: /c/.../identity
debug1: Offering public key: /c/.../id_rsa
debug1: Server accepts key pkalg ssh-rsa blen 277
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/c/.../id_rsa':
And the key works

Quote:
ssh -l username -v
...
debug1: Authentication that can continue: publickey,password
debug1: Next authentication method: public key
debug1: Trying private key: /c/.../identity
debug1: Offering public key: /c/.../id_rsa
debug1: Authentication that can continue: publickey,password
debug1: Offering public key: /c/.../id_rsa
debug1: Next authentication method password:
username@NAS password:
This failes. I have reset the username password so I know that it is correct.

So I guess something is wrong with my /.ssh/authenticated_keys.
I have uploaded the public key and added it to the authenticated_keys for the root@NAS user.
When I try to do the same for username@NAS my login fails.

Any ideas?
Peter
 
Old 09-06-2012, 07:19 AM   #6
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
@mandyapenguin!

Thanks for your reply.

I get this:
Quote:
passwd -S username
username P 09/06/2012 0 99999 7 -1
So I guess its ok or?

Peter
 
Old 09-06-2012, 07:38 AM   #7
rosehosting.com
Member
 
Registered: Jun 2012
Posts: 222

Rep: Reputation: 62
Maybe you didn't set the right permissions for the keys files (600)
Code:
chmod 600 ~/.ssh/id_rsa*
Quote:
Originally Posted by petost View Post
@mandyapenguin!

Thanks for your reply.

I get this:


So I guess its ok or?

Peter
 
Old 09-06-2012, 07:46 AM   #8
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
@rosehosting
do you mean before uploading/on client?

I did add the content of the id_rsa.pub to the authorized_keys but I think it is located under the root user and not the username (or am I wrong here)?

Peter
 
Old 09-06-2012, 07:59 AM   #9
rosehosting.com
Member
 
Registered: Jun 2012
Posts: 222

Rep: Reputation: 62
Yes.

Basically you should search on google for " PEM_read_PrivateKey failed" error. There may be various reasons for this error.


Quote:
Originally Posted by petost View Post
@rosehosting
do you mean before uploading/on client?

I did add the content of the id_rsa.pub to the authorized_keys but I think it is located under the root user and not the username (or am I wrong here)?

Peter
 
Old 09-06-2012, 08:25 AM   #10
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
I dont think the "PEM_read_PrivateKey failed" is the problem since that login works (root@NAS).
It is the second that doesnt work.

//Peter
 
Old 09-06-2012, 08:32 AM   #11
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 6,030

Rep: Reputation: 1623Reputation: 1623Reputation: 1623Reputation: 1623Reputation: 1623Reputation: 1623Reputation: 1623Reputation: 1623Reputation: 1623Reputation: 1623Reputation: 1623
Have you ensured that the public key for your user is in /home/username/.ssh and that it is owned by username (you'll probably have to do a chown as root to do this?
To copy the key across initially you should be doing something like:
Code:
scp ~/.ssh/id_rsa.pub root@nas:/home/username/.ssh
 
Old 09-06-2012, 09:39 AM   #12
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
Tried it but no difference.
 
Old 09-06-2012, 11:39 AM   #13
mandyapenguin
Member
 
Registered: Nov 2011
Location: India
Distribution: RedHat, Cent OS, Fedora, Debian, Ubuntu
Posts: 106

Rep: Reputation: Disabled
Quote:
Originally Posted by petost View Post
Tried it but no difference.
Can you try this once from client PC as username user.
Code:
cd
mv .ssh/ .ssh.back
ssh-keygen -t rsa
ssh-copy-id -i .ssh/id_rsa.pub username@server_IP
ssh username@server_IP (Should login without password)
And also check Password-less logins with OpenSSH
In server check the /etc/ssh/sshd_config file and make sure that whether username is not denied or only root is allowed and denied all user.
Check the /etc/hosts.deny file to make sure that nothing is denied for ssh.
if /etc/nologin file is exist in the server then no one user will be able to login apart from root.

Last edited by mandyapenguin; 09-06-2012 at 12:41 PM.
 
Old 09-07-2012, 03:09 AM   #14
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
Same result.

couldn't ssh-copy-id because of password request.

Tried creating a new user but unable to logon with that as well (even without certificates)
 
Old 09-07-2012, 05:06 AM   #15
petost
LQ Newbie
 
Registered: Sep 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
Ok problem solved.

As noted in the beginning I have a Netgear NAS that I am trying to ssh into.

ssh root@nas works
ssh username@nas did not.

I tried adding another user with adduser anotheruser@nas
ssh anotheruser@nas didnt work either.

I checked the /etc/nologin and it was empty but I removed it anyway.

A whereis nologin found another in /usr/sbin/
this was full of hexcode. I removed it without remorse (actually renamed)


Then my anotheruser@nas could log in with ssh. Copied rsa.pub to authorized_keys and I dont need password for that one anymore.

Still username@nas couldnt log in. This user account was created by the readynas web interface and placed in folder /c/home/username/ but my anotheruser was placed in folder /home/anotheruser/
Removed username and recreated it in the shell. Copied authorized_keys to /home/username/.ssh/authorized_keys
Now this one works as well.

Thanks for all help!
//Peter
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH access problems: Can only allow users SSH access by adding to root group dhupke Slackware 10 12-21-2008 10:48 AM
SSH Problems mjchin Linux - Newbie 1 03-18-2008 10:39 PM
SSH problems newbie21209 Linux - Networking 10 06-17-2005 01:01 AM
ssh problems aizkorri Linux - Networking 6 06-07-2004 11:06 AM
ssh problems Lanmate Linux - Software 2 01-23-2004 03:05 PM


All times are GMT -5. The time now is 06:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration