Ubuntu 8.10 server log in prompt repeats

tazizhere · 04-08-2009, 05:22 PM

First off, new at the Linux thing but looks like I am not alone.

I have a Pentium machine with a dual boot of Ubuntu 8.10 server and XP. It is a simple box, mostly a file and print server for a home office. I boot into Linux once the house is asleep and start learning.

I have Webmin installed on the box to help me become familiar with what is what. After trying to share the printer over and over again I must of hit the wrong button. Now, when I boot into Ubuntu the log in box comes up, I type in my user name and password, hit enter, it pauses and the log in box comes up again. This happens over and over and over. Now, if I type in a wrong password I will get 'accessed denied' but the right password does not give any kind of message except 'username:'.

I can access it through webmin which is weird, I have tried resetting the password on my account several times, I have created a new user and password but that also just keeps the log in box repeating. There is no 'x' desktop installed, this is just plain server.

I can reinstall Linux and start over, no harm done, but would rather not.
Any insights? And thank you in advance.

-

Meson · 04-08-2009, 10:12 PM

Boot into system recovery mode from GRUB and check out auth.log. Try to paste a relevant chunk. I've had this happen to me before for various and can't remember what was doing it for every occasion. Maybe some good info from auth.log will ring a bell.

Did you play around with anything in /etc/pam.d?

tazizhere · 04-08-2009, 10:33 PM

Seeing a pattern here, now where is that setting "AllowUsers". You can ignore that "invalid password", that is when I was seeing if it was authenticating anything. And, if you could, talk to me like I'm 4....I am still learning all of this. It's like facing DOS all over again....except with more switches. Thank you for taking the time to help on this.

Apr 7 00:00:01 hhids CRON[5103]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:00:01 hhids CRON[5103]: pam_unix(cron:session): session closed for user root
Apr 7 00:00:49 hhids sshd[5170]: Did not receive identification string from 192.168.1.102
Apr 7 00:09:01 hhids CRON[5423]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:09:01 hhids CRON[5423]: pam_unix(cron:session): session closed for user root
Apr 7 00:09:03 hhids sshd[5421]: User root from main.local not allowed because not listed in AllowUsers
Apr 7 00:09:03 hhids sshd[5421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=main.local user=root
Apr 7 00:09:05 hhids sshd[5421]: Failed none for invalid user root from 192.168.1.103 port 4748 ssh2
Apr 7 00:09:07 hhids sshd[5421]: Failed password for invalid user root from 192.168.1.103 port 4748 ssh2
Apr 7 00:10:01 hhids CRON[5482]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:10:02 hhids CRON[5482]: pam_unix(cron:session): session closed for user root
Apr 7 00:17:01 hhids CRON[5687]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:17:01 hhids CRON[5687]: pam_unix(cron:session): session closed for user root
Apr 7 00:20:01 hhids CRON[5813]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:20:01 hhids CRON[5813]: pam_unix(cron:session): session closed for user root
Apr 7 00:22:36 hhids sshd[5879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=main.local user=tazizhere
Apr 7 00:24:12 hhids sshd[5888]: User root from main.local not allowed because not listed in AllowUsers
Apr 7 00:24:12 hhids sshd[5888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=main.local user=root
Apr 7 00:24:14 hhids sshd[5888]: Failed none for invalid user root from 192.168.1.103 port 4811 ssh2
Apr 7 00:24:18 hhids sshd[5888]: Failed password for invalid user root from 192.168.1.103 port 4811 ssh2
Apr 7 00:30:01 hhids CRON[5890]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:30:01 hhids CRON[5890]: pam_unix(cron:session): session closed for user root
Apr 7 00:39:01 hhids CRON[5949]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:39:01 hhids CRON[5949]: pam_unix(cron:session): session closed for user root
Apr 7 00:40:01 hhids CRON[5985]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:40:02 hhids CRON[5985]: pam_unix(cron:session): session closed for user root
Apr 7 00:50:01 hhids CRON[6044]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 00:50:01 hhids CRON[6044]: pam_unix(cron:session): session closed for user root
Apr 7 01:00:01 hhids CRON[6104]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 01:00:01 hhids CRON[6104]: pam_unix(cron:session): session closed for user root
Apr 7 01:09:01 hhids CRON[6163]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 01:09:01 hhids CRON[6163]: pam_unix(cron:session): session closed for user root
Apr 7 01:10:01 hhids CRON[6199]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 01:10:02 hhids CRON[6199]: pam_unix(cron:session): session closed for user root
Apr 7 01:17:01 hhids CRON[6258]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 01:17:01 hhids CRON[6258]: pam_unix(cron:session): session closed for user root
Apr 7 01:20:01 hhids CRON[6290]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 7 01:20:01 hhids CRON[6290]: pam_unix(cron:session): session closed for user root
Apr 8 22:27:29 hhids sshd[4231]: Server listening on :: port 22.
Apr 8 22:27:29 hhids sshd[4231]: Server listening on 0.0.0.0 port 22.
Apr 8 22:30:01 hhids CRON[4809]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 8 22:30:03 hhids CRON[4809]: pam_unix(cron:session): session closed for user root

tazizhere · 04-08-2009, 10:35 PM

**Also, didn't mess with anything (that I know of) in the pam.d file.

Meson · 04-09-2009, 12:40 AM

It's normal to see a lot of these
cron is like the windows task scheduler, it runs at regular intervals
Code:
```
Apr  7 00:00:01 hhids CRON[5103]: pam_unix(cron:session): session opened for user root by (uid=0)
```

This happened because you tried to log in as root over SSH.
By default, ssh root logins are disabled; you should leave it that way. In the interest of full discloser, you can changed it in /etc/ssh/sshd_config

Code:

Apr  7 00:09:03 hhids sshd[5421]: User root from main.local not allowed because not listed in AllowUsers
Apr  7 00:09:03 hhids sshd[5421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=main.local  user=root
Apr  7 00:09:05 hhids sshd[5421]: Failed none for invalid user root from 192.168.1.103 port 4748 ssh2
Apr  7 00:09:07 hhids sshd[5421]: Failed password for invalid user root from 192.168.1.103 port 4748 ssh2

This looks like you started to log in but never followed through.

Code:

Apr  7 00:00:49 hhids sshd[5170]: Did not receive identification string from 192.168.1.102

tazizhere · 04-09-2009, 11:18 PM

Well, after a coin toss last night I did a re-install of Ubuntu 8.10. Starting over again. Probably not a bad thing though. I did some more research and I think it is something I did to the sudoers file. Didn't do the "sudovi" or whatever it said to edit the file with. It at least made me join this site, I am sure I will be back. The only goal I have for this box is to share 2 directories, share a printer and then perform nightly backups. To those in the "know" this is a simple task. Me, probably a couple more weeks. Going to try to stay out of webmin this time though.

Thanks for replying.

-Jeff