LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-06-2005, 02:06 PM   #1
Baix
Member
 
Registered: Jun 2004
Distribution: Gentoo, LFS, Slackware
Posts: 203

Rep: Reputation: 30
No longer able to log into ssh. Password right but "permission denied"


I've been using ssh for a while and its worked perfectly however now when I try to login...
Code:
login...andrew@tux ~ $ ssh localhost
Password: (mypassword)
Password: (mypassword)
Password: (mypassword)
Permission denied (publickey,keyboard-interactive).
However, when logging in as root it works perfectly. Unfortunatly I prefer to disable root logins. I can't think of anything that has changed that would have caused this problem. Thanks for any help!
 
Old 07-06-2005, 02:28 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117Reputation: 117
Can you log in locally without a problem? Have you tried resetting the password as root? Can you post your sshd_config?
 
Old 07-06-2005, 02:35 PM   #3
Baix
Member
 
Registered: Jun 2004
Distribution: Gentoo, LFS, Slackware
Posts: 203

Original Poster
Rep: Reputation: 30
Locally, all the passwords are fine, logging in, su'ing etc.

Quote:
Have you tried resetting the password as root?
I've done everything from change passwords to delete and recreate users.


As for my sshd config:

Code:
#       $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
UsePAM yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yesI've done everything from change passwords to delete and recreate users.
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem       sftp    /usr/lib/misc/sftp-server
 
Old 07-06-2005, 02:36 PM   #4
Baix
Member
 
Registered: Jun 2004
Distribution: Gentoo, LFS, Slackware
Posts: 203

Original Poster
Rep: Reputation: 30
Here's the result of trying to log in with ssh -v:

Code:
ssh -v localhost
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/andrew/.ssh/identity type -1
debug1: identity file /home/andrew/.ssh/id_rsa type -1
debug1: identity file /home/andrew/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/andrew/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/andrew/.ssh/identity
debug1: Trying private key: /home/andrew/.ssh/id_rsa
debug1: Trying private key: /home/andrew/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password: 
debug1: Authentications that can continue: publickey,keyboard-interactive
Password: 
debug1: Authentications that can continue: publickey,keyboard-interactive
Password: 
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).
 
Old 07-06-2005, 02:38 PM   #5
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117Reputation: 117
Hrrm, that looks just fine. Try looking in your logs. Usually a more verbose message gets logged.

Very often, the log will be /var/log/secure, /var/log/sshd, or similar.
 
Old 07-06-2005, 02:42 PM   #6
Baix
Member
 
Registered: Jun 2004
Distribution: Gentoo, LFS, Slackware
Posts: 203

Original Poster
Rep: Reputation: 30
there we no logs specific for ssh however it looks like it may have to have something to do with PAM. Also notice how it still lets root in (when "permitrootlogin=yes" of coarse).

Code:
less /var/log/messages | grep ssh:

Jul  6 14:56:26 tux sshd[19110]: Server listening on 0.0.0.0 port 22.
Jul  6 14:57:00 tux sshd[19136]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 14:57:05 tux sshd[19136]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 14:57:16 tux sshd[19136]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:02:10 tux sshd[19274]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:02:14 tux sshd[19274]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:02:20 tux sshd[19274]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:04:57 tux sshd[19335]: Accepted keyboard-interactive/pam for root from 127.0.0.1 port 56772 ssh2
Jul  6 15:04:57 tux sshd(pam_unix)[19341]: session opened for user root by root(uid=0)
Jul  6 15:13:08 tux sshd[19442]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:14:12 tux sshd(pam_unix)[19501]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tux.linuxbox.com  user=brian
Jul  6 15:14:14 tux sshd[19496]: error: PAM: Authentication failure for brian from tux.linuxbox.com
Jul  6 15:14:21 tux sshd[19496]: error: PAM: Authentication failure for brian from tux.linuxbox.com
Jul  6 15:14:22 tux sshd(pam_unix)[19503]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tux.linuxbox.com  user=brian
Jul  6 15:14:24 tux sshd[19496]: error: PAM: Authentication failure for brian from tux.linuxbox.com
Jul  6 15:16:05 tux sshd[19521]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:17:09 tux sshd[19528]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:17:13 tux sshd[19528]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:17:18 tux sshd[19528]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:35:57 tux sshd[19785]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:36:01 tux sshd[19785]: error: PAM: Authentication failure for andrew from tux.linuxbox.com
Jul  6 15:36:05 tux sshd[19785]: error: PAM: Authentication failure for andrew from tux.linuxbox.com

Last edited by Baix; 07-06-2005 at 02:48 PM.
 
Old 07-06-2005, 03:19 PM   #7
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117Reputation: 117
I guess it's time to turn to your attention to /etc/pam.d/sshd. What does that file contain?
 
Old 07-06-2005, 03:23 PM   #8
Baix
Member
 
Registered: Jun 2004
Distribution: Gentoo, LFS, Slackware
Posts: 203

Original Poster
Rep: Reputation: 30
Thanks for your help so far Matir

/etc/pam.d/sshd
Code:
#%PAM-1.0

auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
 
Old 07-06-2005, 03:33 PM   #9
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117Reputation: 117
Quite perplexing. Your pam.d/sshd is identical to mine (Gentoo defaults for the 2005.0 profile). I don't suppose the file /etc/nologin exists?

Also, try to grep pam in /var/log/messages. Perhaps it's giving a more verbose message through pam. Interestingly enough, pam_stack should handle local logins and ssh logins the same, so only pam_shell and pam_nologin should matter.
 
Old 07-06-2005, 03:40 PM   #10
Baix
Member
 
Registered: Jun 2004
Distribution: Gentoo, LFS, Slackware
Posts: 203

Original Poster
Rep: Reputation: 30
Thank you soo much. For some odd reason a /etc/nologin had been created with a line about "system is going down for a shutdown, blah blah" message. I deleted it and now all looks fine so far.
Once again, thanks!

Last edited by Baix; 07-06-2005 at 03:42 PM.
 
Old 07-06-2005, 03:43 PM   #11
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 117Reputation: 117
LOL, glad it's working. Might want to keep an eye out for that popping up again. I can't imagine what would cause it.
 
Old 11-21-2008, 12:44 PM   #12
emallove
LQ Newbie
 
Registered: Nov 2008
Posts: 1

Rep: Reputation: 0
Deleting the account from /etc/passwd can help too

I had the same problem. I was unable to SSH to host-xyz, while other folks in my same unix group were able to. I was seeing this in /var/log/messages:

sshd[4191]: error: PAM: Authentication failure for emallove ...

The problem was that somehow an account for "emallove" had been created on the local system which was apparently overriding our shared LDAP passwd file. After deleting the "emallove" line from /etc/passwd I can now SSH to host-xyz.
 
  


Reply

Tags
authentication, pam, passwd, sshd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
can't execute c++ binaries, "permission denied"... even though permission is 777 SerfurJ Programming 14 02-20-2009 04:50 AM
Submount, "permission denied" when writing to floppy as normal user DaneM Linux - Software 5 02-22-2006 02:05 PM
"permission denied" error when cron job executes jillu Linux - Newbie 11 11-02-2004 01:19 PM
Eclipse SDK v3.0 running problem: "Permission denied" AlexDunnCpp Linux - Newbie 1 08-03-2004 11:45 AM
"permission denied" when I try to send raw data to the sound device. Travis86 Linux - Hardware 2 10-29-2003 09:08 AM


All times are GMT -5. The time now is 01:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration