User unable to log in via SSH, but only that user
I created a VM by copying a gold image that we have. I then created a user for our customer. I set his password and informed him of it. He attempted to log in. The SSH connection was established, but his password is denied. I've deleted and recreated the account, verfied I can log in using my username/password.
The only thing I've seen out of the ordinary is that setting DEBUG in sshd_config displays "unable to open /var/log/btmp: file does not exist" in /var/log/secure. Anyone have any idea why this would be happening? |
@ Reply
Hi there,
Here are few questions and suggestions: 1. Which distribution of linux this is. 2. How did you create his account? Using command line or using gui? If using command line, did you give a try re-creating his account using gui. 3. Only his user account is having problem or couple of other user accounts as well? 4. If you have created the user account using command line. Did you created his home directory? If yes, did you copy everything under /etc/skel to his home directory. 5. Is he having full access on his home directory and is he the owner of the it. 6. Do you see anything in /var/log/messages when he tries to ssh. If yes, please paste the output here. |
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
|
Quote:
Is your account logging in using rsa/dsa passwd? If so, Is your passwd the same as your rsa/dsa key? |
Quote:
How do I check if I'm using rsa/dsa? |
Quote:
Enter passphrase for key '/home/<user>/.ssh/id_dsa': What do these lines in your /etc/ssh/sshd_config look like? #RSAAuthentication yes #PubkeyAuthentication yes . . . #PasswordAuthentication no #PermitEmptyPasswords no |
Those lines don't actually exist. The image was created before I got here and the sshd_config file is quite minimalistic:
Compression yes UseDNS no TCPKeepAlive no ClientAliveCountMax 0 ClientAliveInterval 600 PermitEmptyPasswords no #PubkeyAuthentication yes PubkeyAuthentication no PermitRootLogin no #PasswordAuthentication yes Port 22 Protocol 2 ListenAddress 10.153.106.205 Subsystem sftp /usr/libexec/openssh/sftp-server SyslogFacility AUTHPRIV UsePrivilegeSeparation yes X11Forwarding no Ciphers aes128-ctr,aes192-ctr,aes256-ctr Ciphers aes128-ctr,aes192-ctr,aes256-ctr UsePAM yes |
@ Reply
Pretty interesting issue. I tried to duplicate this but was not able to exactly duplicate. I succeeded in creating user accounts without having ssh access but with different error messages not with the one which you are getting.
There might be some parameters set in /etc/default/useradd or /etc/login.defs which is resulting in user account creation without ssh access. Chances are also there that a parameter is set in /etc/pam.d/login to prevent ssh login Paste the output of above mentioned files and lets see what we can come up with. |
Also, can you try ssh -vvv blah .. shows more detail
|
Any AllowUsers specified in /etc/ssh/sshd_config which disallow the login for the new user?
|
No. My sshd_config is posted above. Nothing blocking specific users.
|
As you wrote it’s a VM: there are outside ports defined on the real machine which are mapped to the individual virtual machines’s port 22?
|
SSH is open on the cloud firewall (cloud being what they call it. Personally, I loathe that word for this technology). I've created VMs using other images that don't have this problem.
|
@ Reply
@ theillien
Did you check the files which I mentioned before. @ Reuti Does not appear to be firewall/ports issue the reason being one user is able to login. I can think of tcp wrappers but I am guessing that he is using the same machine to ssh this machine using his account and problematic user account. So tcp wrappers will not come in picture. |
I have not had an opportunity yet. I'll post them as soon as I'm able.
|
All times are GMT -5. The time now is 10:22 AM. |