LinuxQuestions.org
Old 06-13-2013, 11:43 PM   #1
iprince
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Rep: Reputation: Disabled
Unable to remote ssh login (permission denied)


Hi,

I'm using RHEL 6. I have set up two user accounts as below:

1. john (home dir: /home/john)
2. robert (home dir: /home/john/robert)

After I set up both accounts, I have no problem logging in with the john account from a remote terminal, but logging in as robert failed with the error message ‘permission denied’.

This only happened when I used a remote terminal to log in; if I used switch user (su -l robert) locally on the server where the user account robert was created, I managed to log in.

My early assumption was that this error occurred because robert's home dir was set up under john's home dir. Unfortunately, changing the permissions of the home dir didn't help either.

And FYI, I have no problem logging in with other user accounts, including root, as these accounts' home directories are set up independently, unlike the john and robert accounts.

I wonder if anyone has encountered the same issue when setting up such user accounts/home directories?

I'd really appreciate your advice. Thanks.

Last edited by iprince; 06-13-2013 at 11:44 PM.
 
Old 06-13-2013, 11:49 PM   #2
iprince
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Some additional information

# The error message when I tried to log in from a remote terminal
[root@lnx-test04 ~]# ssh lnx-test07 -l robert
robert@lnx-test07's password:
Permission denied, please try again.

# Error message from server lnx-test07 (/var/log/secure), where the robert account was created
Jun 13 15:19:22 lnx-test07 sshd[17296]: pam_exec(sshd:auth): /usr/local/sbin/pam_check_home_dir.sh failed: exit code 1
Jun 13 15:19:24 lnx-test7 sshd[17296]: Failed password for robert from 172.xxx.xxx.xxx port 53626 ssh2

# Successful login to the robert account via (su -l spccaps) from the server where the robert account was created
[root@lnx-test04 ~]# su - robert
[robert@lnx-test04 ~]$

I appreciate your help/advice. Thanks.

Last edited by iprince; 06-13-2013 at 11:50 PM.
 
Old 06-14-2013, 12:13 AM   #3
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 835

Rep: Reputation: 165
What does the shell script /usr/local/sbin/pam_check_home_dir.sh do?
 
Old 06-14-2013, 12:17 AM   #4
iprince
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Hi Z038,

This is the content of the /usr/local/sbin/pam_check_home_dir.sh script. Please advise. Thanks.

#!/bin/sh
if [ -z "${PAM_USER}" ]; then
    echo 'this script must be executed by PAM';
    exit 1;
fi;

if [ $( id -u "${PAM_USER}" ) -eq 0 ]; then
    test -d "/${PAM_USER}/";
else
    test -d "/home/${PAM_USER}/";
fi;
## end-of-file
 
Old 06-14-2013, 12:29 AM   #5
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 835

Rep: Reputation: 165
This section of the script

Code:
if [ $( id -u "${PAM_USER}" ) -eq 0 ]; then
    test -d "/${PAM_USER}/";
else
    test -d "/home/${PAM_USER}/";
fi;
is checking whether the user's home directory exists as /<username> or /home/<username>.

That check will be successful for /home/john, but not for /home/john/robert. A home for john of /john would also work. So would /robert, or /home/robert.

You need to give robert a home of /robert or /home/robert.
 
Old 06-14-2013, 12:29 AM   #6
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 2,116

Rep: Reputation: 330
Are you using pubkey authentication or password authentication? If it's pubkey, you may have a directory/file permission problem. For OpenSSH with pubkey authentication, the $HOME directory, the .ssh subdirectory, and the authorized_keys file can not be writeable by anyone but the owner, else remotely logging in will fail. Having the 'robert' $HOME as a subdirectory under the 'john' $HOME might cause permissions issues. Can't say I've ever tried that particular setup to know from experience.

I also see mention of "ssh2" in one of your log messages, and I believe that "2" is normally associated with Tectia SSH. Are you using Tectia or OpenSSH?
 
Old 06-14-2013, 12:35 AM   #7
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 2,116

Rep: Reputation: 330
Looks like Z038 has your answer. He posted at the same time I was typing. I didn't look at your PAM script closely, but Z038 did, and pointed out the problem with the script. I'm not sure why the script would want to enforce a strict convention for $HOME directories anyway. True, most people put users under /home, but I've seen plenty of cases where that isn't true, and it's weird that PAM would try to enforce that convention.
 
Old 06-14-2013, 01:42 AM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
Normally users' home dirs are under /home, except for the root user, which is under '/'.
Why on earth would you put one inside another; I can't believe that won't lead to problems (as you've seen).
 
Old 06-14-2013, 02:59 AM   #9
iprince
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Thanks Z038, haertig and chrism01 for your feedback.

FYI, I am migrating an application from HP-UX to Linux and was suddenly hit by this issue.
It worked fine in HP-UX (it ran for years) but not in Linux. By the way, is there still a way to carry over a similar account setup to Linux?

Your advice is highly appreciated. Thanks.

Last edited by iprince; 06-14-2013 at 03:00 AM.
 
Old 06-14-2013, 03:45 AM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324
You'd obviously have to edit that PAM shell file.
I still think it's bad design, even on HP-UX; I've never seen it before.
 
Old 06-17-2013, 05:52 AM   #11
iprince
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Thanks everyone for the help.
Changing the script solved my issue.

Last edited by iprince; 06-17-2013 at 05:54 AM.
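
Added example, not part of the thread and not the script iprince ended up with: one way to change the pam_exec check so that it reads each account's home directory from the passwd database (getent) instead of assuming /home/<user>, so a nested home such as /home/john/robert passes. The function names and the optional passwd-file argument are hypothetical.

```sh
#!/bin/sh
# Added example, not the script from the thread: accept whatever home
# directory the passwd database records instead of assuming /home/<user>.

# lookup_home USER [PASSWD_FILE]: print field 6 (home) of USER's entry.
# PASSWD_FILE is a hypothetical hook for testing; without it getent is
# used, so LDAP/NIS/SSSD accounts resolve as well as /etc/passwd ones.
lookup_home() {
    if [ -n "${2:-}" ]; then
        awk -F: -v u="$1" '$1 == u { print $6; exit }' "$2"
    else
        getent passwd "$1" | cut -d: -f6
    fi
}

# check_home_dir USER [PASSWD_FILE]: succeed only if USER exists, the
# recorded home is an absolute path, and that path is a directory.
check_home_dir() {
    home=$(lookup_home "$1" "${2:-}")
    case "$home" in
        /*) test -d "$home" ;;
        *)  return 1 ;;   # unknown user, or empty/relative home field
    esac
}

if [ -n "${PAM_USER:-}" ]; then
    # Called by pam_exec, which exports PAM_USER: non-zero exit denies.
    check_home_dir "$PAM_USER" || exit 1
else
    # Not under PAM: demo on a constructed passwd file and directory tree.
    # (A deployed script should refuse to run here, as the original does.)
    demo=$(mktemp -d)
    mkdir -p "$demo/home/john/robert"
    printf 'robert:x:501:501::%s:/bin/sh\n' "$demo/home/john/robert" > "$demo/passwd"
    check_home_dir robert "$demo/passwd" && echo "robert: nested home accepted"
    check_home_dir ghost "$demo/passwd" || echo "ghost: no such account, denied"
    rm -rf "$demo"
fi
```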
 
  

