I created a VM by copying a gold image that we have. I then created a user for our customer. I set his password and informed him of it. He attempted to log in. The SSH connection was established, but his password is denied. I've deleted and recreated the account, verfied I can log in using my username/password.

The only thing I've seen out of the ordinary is that setting DEBUG in sshd_config displays "unable to open /var/log/btmp: file does not exist" in /var/log/secure.

Anyone have any idea why this would be happening?

Hi there,

Here are few questions and suggestions:

1. Which distribution of linux this is.

2. How did you create his account? Using command line or using gui? If using command line, did you give a try re-creating his account using gui.

3. Only his user account is having problem or couple of other user accounts as well?

4. If you have created the user account using command line. Did you created his home directory? If yes, did you copy everything under /etc/skel to his home directory.

5. Is he having full access on his home directory and is he the owner of the it.

6. Do you see anything in /var/log/messages when he tries to ssh. If yes, please paste the output here.

RHEL5.5

There is no GUI, it's a server. I used useradd to create the account.

I tried creating another account and had the same problem. I can't figure out why only my account works.

/etc/skel is copying properly and permissions and ownership are correct.

See above.

The only output is that the password failed and the above issue with /var/log/btmp (I touched the file and that log entry went away). The only other thing I noticed is that it verifies the password expiration before prompting so it seems it is reading /etc/shadow properly.

Are you allowing password logins?
Is your account logging in using rsa/dsa passwd?
If so, Is your passwd the same as your rsa/dsa key?

Passwords are in use. I've disabled key authentication and have been able to log in using my password. I even copied the user's public key to the server (making sure permissions were correct), but when he attempts to log in it doesn't bother with that and goes straight to password authentication which then fails.

How do I check if I'm using rsa/dsa?

You will see a prompt that looks something like this:
Enter passphrase for key '/home/<user>/.ssh/id_dsa':


What do these lines in your /etc/ssh/sshd_config look like?

#RSAAuthentication yes
#PubkeyAuthentication yes
.
.
.
#PasswordAuthentication no
#PermitEmptyPasswords no

Those lines don't actually exist. The image was created before I got here and the sshd_config file is quite minimalistic:

Compression yes
UseDNS no
TCPKeepAlive no
ClientAliveCountMax 0
ClientAliveInterval 600
PermitEmptyPasswords no
#PubkeyAuthentication yes
PubkeyAuthentication no
PermitRootLogin no
#PasswordAuthentication yes
Port 22
Protocol 2
ListenAddress 10.153.106.205
Subsystem sftp /usr/libexec/openssh/sftp-server
SyslogFacility AUTHPRIV
UsePrivilegeSeparation yes
X11Forwarding no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
UsePAM yes

Pretty interesting issue. I tried to duplicate this but was not able to exactly duplicate. I succeeded in creating user accounts without having ssh access but with different error messages not with the one which you are getting.

There might be some parameters set in /etc/default/useradd or /etc/login.defs which is resulting in user account creation without ssh access. Chances are also there that a parameter is set in /etc/pam.d/login to prevent ssh login

Paste the output of above mentioned files and lets see what we can come up with.

Also, can you try ssh -vvv blah .. shows more detail

Any AllowUsers specified in /etc/ssh/sshd_config which disallow the login for the new user?

No. My sshd_config is posted above. Nothing blocking specific users.

As you wrote it’s a VM: there are outside ports defined on the real machine which are mapped to the individual virtual machines’s port 22?

SSH is open on the cloud firewall (cloud being what they call it. Personally, I loathe that word for this technology). I've created VMs using other images that don't have this problem.

@ theillien

Did you check the files which I mentioned before.

@ Reuti

Does not appear to be firewall/ports issue the reason being one user is able to login. I can think of tcp wrappers but I am guessing that he is using the same machine to ssh this machine using his account and problematic user account. So tcp wrappers will not come in picture.

I have not had an opportunity yet. I'll post them as soon as I'm able.