LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-22-2004, 03:25 PM   #1
PC Rob
LQ Newbie
 
Registered: Mar 2004
Posts: 8

Rep: Reputation: 0
Can't SSH to server unless in root group


Hello everyone.

I posted this thread in the Mandrake sub forum as well, but I wanted to see if maybe other linux version have had the same issue.

I just installed Mandrake 10.0 community, and for some reason no users can SSH to the server unless I put them in the root group (don't worry I didn't leave any of them in there).

I get the following in the auth.log file and in the messages log file:

Mar 22 15:05:07 localhost sshd(pam_unix)[2628]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=0.0.0.0
user=dummy

Mar 22 15:05:09 localhost sshd[2628]: Accepted password for dummy from ::ffff:0.0.0.0 port 3622 ssh2

The only things I edited in the log entried above are the IPs and the username.

If I give "dummy" root group access, he can log in through SSH and his profile runs perfect.

This is driving me insane, and I can not find the cause.

Thanks in advance for the help.

Rob
 
Old 03-22-2004, 05:55 PM   #2
andrewlkho
Member
 
Registered: Jul 2003
Location: London
Posts: 548

Rep: Reputation: 30
What's your sshd_config say about who can log in?
 
Old 03-23-2004, 04:11 AM   #3
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Rep: Reputation: 15
you tried: (from the man)

AllowGroups
This keyword can be followed by a list of group name patterns,
separated by spaces. If specified, login is allowed only for
users whose primary group or supplementary group list matches one
of the patterns. `*' and `?' can be used as wildcards in the
patterns. Only group names are valid; a numerical group ID is
not recognized. By default, login is allowed for all groups.

Tho by the looks of it, by default all groups are allowed, theres no mention of AllowGroups in my sshd_config

Last edited by markehb; 03-23-2004 at 04:12 AM.
 
Old 03-23-2004, 08:28 AM   #4
PC Rob
LQ Newbie
 
Registered: Mar 2004
Posts: 8

Original Poster
Rep: Reputation: 0
I have my specific group allowed (let's call it "one") in the sshd_config. I am using webmin by the way, but I checked the file directly to make sure my changes in webmin made it to the file.

If I try to SSH to the server with a user that does NOT belong to the "one" group, that user receives a message that says access denied. As soon as I add that user to the "one" group it attempts the connect (I no longer get access denied) but then it disconnects the user with no other messages. In the auth.log is what I posted above.

It has to be pam or something, but I can not figure it out.

Any other suggestions please?

Thanks,

Rob
 
Old 03-23-2004, 08:34 AM   #5
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Rep: Reputation: 15
you done a $ ssh -v <yourhost>
to see if it brings up anything?
 
Old 03-23-2004, 08:58 AM   #6
PC Rob
LQ Newbie
 
Registered: Mar 2004
Posts: 8

Original Poster
Rep: Reputation: 0
I am connecting to the host from windows clients running an SSH terminal so I can't try that command.
 
Old 03-23-2004, 09:43 AM   #7
AutOPSY
Member
 
Registered: Mar 2004
Location: US
Distribution: Redhat 9 - Linux 2.6.3
Posts: 836

Rep: Reputation: 31
ssh -v <yourhost>

Windows ssh clients probably some of them can be run from the command line, -v is verbose.
If you have a windowing ssh client just check the options/preferences section for a debugging/verbose check box.'

or like I said try to execut the program from the command line.
 
Old 03-23-2004, 09:59 AM   #8
PC Rob
LQ Newbie
 
Registered: Mar 2004
Posts: 8

Original Poster
Rep: Reputation: 0
Below is all I can get out of the SSH terminal I am using.

Attempting connection to 0.0.0.0 port 22
Connected
Securing connection
Host signature verified
Connection secured


Connection closed by host

Disconnected
 
Old 03-23-2004, 04:46 PM   #9
PC Rob
LQ Newbie
 
Registered: Mar 2004
Posts: 8

Original Poster
Rep: Reputation: 0
I tried to SSH now from another test linux server we have. Below is the verbose detail from the command line after it asked for the password:

ebug1: Next authentication method: password
test@0.0.0.0's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: channel 0: request pty-req
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: channel 0: request x11-req
debug1: channel 0: request shell
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel_free: channel 0: client-session, nchannels 1
Connection to 0.0.0.0 closed by remote host.
Connection to 0.0.0.0 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 93 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 980.4
debug1: Exit status -1

Any help is appreciated. It must be something in my security settings because I can SSH into that test server with a regular user no problem.

Thanks,

Rob
 
Old 03-24-2004, 03:44 AM   #10
markehb
LQ Newbie
 
Registered: Mar 2004
Distribution: mandrake 9.0
Posts: 29

Rep: Reputation: 15
how are you permissions set on the .ssh dir and the authorized_keys file in it?
 
Old 03-24-2004, 02:21 PM   #11
PC Rob
LQ Newbie
 
Registered: Mar 2004
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks for the help everyone. I have found the problem. While setting up the system (this is all still in testing) I somehow changed the access rights on the / root directory to not allow anyone outside the owner user and group to read or execute. This was not allowing the ssh session to write the xauthority file to the user's home directory since it could not make it past the root directory.

Thanks again,

Rob
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Group Admin, Group Root, or God over Group crickett Linux - General 5 07-12-2004 05:01 PM
new user and group ssh Longinus Linux - Newbie 3 07-11-2004 03:21 AM
Root Group Not Behaving borrrden Linux - Security 3 06-12-2004 12:19 AM
Can't SSH unless in root group PC Rob Mandriva 2 03-23-2004 04:49 PM
Adding nobody to the root group saravanan1979 Linux - Networking 2 04-27-2002 06:36 AM


All times are GMT -5. The time now is 09:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration