LinuxQuestions.org


paziulek 09-09-2010 11:47 AM

cannot login via ssh on a single, non root account - telnet ok
 
a user called, cannot login - forgot the password - common case ( 200 user system )- but this one seems to be a bit different:

user tries to log in via ssh - login/passwd incorrect,
via telnet - no problem

tried a few different users on ssh - no problem...

It seems the access denied applies to just a single, standard user account - only via ssh, all other users are able to login...

tried also to change the passwd, no difference.

beside re-creating the account, can you think about anything else?

system: RHEL AS3, 2.4.21-51ELsmp


Thanks!

AlucardZero 09-09-2010 12:46 PM

What does /var/log/secure say?

paziulek 09-09-2010 01:14 PM

Code:

Failed password for illegal user [ login ] from [ IP } port [ portno ] ssh2
 User [ login ] not allowed because shell /bin/bash  does not exist

the /bin/bash error is a good joke...
the shell for every human on this system is /bin/bash...
only that specific user has the missing bash error

does not seem a file/dir permission... this was not changed since the system's install in 2006.. verified

the challenge/handshake/protocol negotiation on ssh finishes before the user login/password prompt,
so this should not be the problem... but it is still ssh related.

Quote:

Originally Posted by AlucardZero (Post 4092683)
What does /var/log/secure say?


TB0ne 09-09-2010 01:19 PM

Quote:

Originally Posted by paziulek (Post 4092711)
Code:

Failed password for illegal user [ login ] from [ IP } port [ portno ] ssh2
 User [ login ] not allowed because shell /bin/bash  does not exist

the /bin/bash error is a good joke...

the shell for every human on this system is /bin/bash...

Hmm....check the permissions on the /etc/shells file. Also, check IN that file, and make sure that /bin/bash is in there. And check the permissions on the /etc directory itself. Used to be, when installing portsentry, it would change permissions to "700", owned by root:root, so NO ONE but root could log in (couldn't access files in /etc). I've seen situations where if the file can't be accessed, it causes problems. Could be this one user is in a different group, or just ONE group, and doesn't have access to read down into /etc/....

You're running an old kernel/system, too, and I'm sure you've gotten the "upgrade it" speech before....

anomie 09-09-2010 01:30 PM

For everyone's edification, at least do:

$ file /bin/bash && ls -l /bin/bash

I know RHEL3 versions of openssh did not support it, but are you trying to chroot the user? Also, are you doing anything strange in his ~/.bash_profile, ~/.bash_login, ~/.profile, or ~/.bashrc?

paziulek 09-09-2010 01:43 PM

Thank you for your response, I double checked, but none of the "globals" is the case, otherwise me, and other 199 users would not be able to log-in. there is just ONE standard 'users' group, and the "stubborn" user belongs also to it... yes, this is a controlled environment, database: PICK style ( 5y old release ) and software written for it is between 0 and 30 years old... hopefully next year we can go with 2.6 series kernel...

Thank you!


Quote:

Originally Posted by TB0ne (Post 4092718)
Hmm....check the permissions on the /etc/shells file. Also, check IN that file, and make sure that /bin/bash is in there. And check the permissions on the /etc directory itself. Used to be, when installing portsentry, it would change permissions to "700", owned by root:root, so NO ONE but root could log in (couldn't access files in /etc). I've seen situations where if the file can't be accessed, it causes problems. Could be this one user is in a different group, or just ONE group, and doesn't have access to read down into /etc/....

You're running an old kernel/system, too, and I'm sure you've gotten the "upgrade it" speech before....


paziulek 09-09-2010 01:56 PM

Hello, I can su without a problem, but cannot pass login process on ssh.
no, I do not chroot, the ~/. files are customized to work with PICK, but, they are being read pass the login process, and ENVs being applied to both telnet and ssh sessions in the same way...
after Access denied, there is no ~/. files being accessed...

I do not want to just re-create this user, since next time I will end up with re-creating 200, and this will not be fun, since all of them have a bit different ~/.profile's ( each have a different database port number - a "virtual" port )

thank you!

Quote:

Originally Posted by anomie (Post 4092731)
For everyone's edification, at least do:

$ file /bin/bash && ls -l /bin/bash

I know RHEL3 versions of openssh did not support it, but are you trying to chroot the user? Also, are you doing anything strange in his ~/.bash_profile, ~/.bash_login, ~/.profile, or ~/.bashrc?


anomie 09-09-2010 02:00 PM

For the hell of it, try:
# chsh -s /bin/bash <borked_user_here>

Perhaps there is a bad (unprintable) character in his shell, and we are not seeing it in the log.

paziulek 09-09-2010 02:25 PM

Thanks for your suggestion... same result..
I also tried to log in from 3 different stations via ssh, using the same login, different ssh clients... works only via telnet... there is no limit on concurrent connections, no idea.. but still trying,

and the .profile does not have 'echo "Access denied";exit' :)

maybe openssh just hates that user (a scary thought)


Thanks!

ps: I rather restart the system than re-create the account... might work or not, but at least ( I hope ) I will know at what ground I am walking on.. It has a maintenance scheduled for Friday evening... I will let you know if that busted the ghost



Quote:

Originally Posted by anomie (Post 4092766)
For the hell of it, try:
# chsh -s /bin/bash <borked_user_here>

Perhaps there is a bad (unprintable) character in his shell, and we are not seeing it in the log.


mcd 09-13-2010 10:10 PM

Well, you can restrict individual accounts or groups in the /etc/ssh/sshd_config file, but I don't think that would result in the error about missing /bin/bash. Hmm. Have you tried just temporarily moving the user's home directory? I mean, you don't have to remove or re-create the account, just move the home directory, try to log in, and then move it back. I'd be interested to know if that worked. Oh, and how thoroughly have you checked the /etc/passwd file for typos?

paziulek 09-14-2010 08:14 AM

Thank you mcd and ALL,

well, it is for me an unusual behavior, when telnet works ( used by about 40 users ), and ssh ( about 150 ), a passwd, permission, or profile(s) change could result in failed login on both services for that specific user - unless it is a ssh specific per user, custom configuration - none of this is being done...
I did not do any more troubleshooting ( I could still restart sshd, or re-create the user and re-do the custom .profile ). the system maintenance was done on last Friday, system restarted, and I checked the ssh on that specific user... and it worked.(!@#$&!???).. so probably restarting sshd would also fix it... why? a bug in sshd that exposes itself in 1 of 1M logins - no idea. I might not see this ever again ( I hope I do not have to deal with RHEL 3 for more than I expect ;] )

Thank you ALL for all your suggestions!

and have a good day and low iowait!

paziulek




Quote:

Originally Posted by mcd (Post 4096637)
Well, you can restrict individual accounts or groups in the /etc/ssh/sshd_config file, but I don't think that would result in the error about missing /bin/bash. Hmm. Have you tried just temporarily moving the user's home directory? I mean, you don't have to remove or re-create the account, just move the home directory, try to log in, and then move it back. I'd be interested to know if that worked. Oh, and how thoroughly have you checked the /etc/passwd file for typos?


TB0ne 09-14-2010 09:44 AM

Thanks for posting a follow-up...was very curious as to what you'd find. STILL curious as to what caused this, as I'm sure you are. Glad you're all set, though.

pklausner 02-01-2013 10:08 AM

I have a similar problem with RHEL6:
remote login via ssh fails for all users. I reloaded sshd with debug logging from my last available terminal (which proves it did work!) and find this for all users:

Code:

sshd[12857]: User foobar not allowed because shell /bin/bash does not exist

All relevant files look ok to me, they are plain default from a fresh install:

Code:

root@bar~# ls -l /bin/bash
-rwxr-xr-x. 1 root root 939824 Jan 27  2011 /bin/bash

root@bar~# ls -ld /bin
dr-xr-xr-x. 2 root root 4096 Jan 15 11:47 /bin

root@bar~# egrep -i 'root|allow|deny' /etc/ssh/sshd_config
#PermitRootLogin yes
# be allowed through the ChallengeResponseAuthentication and
# the setting of "PermitRootLogin without-password".
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#ChrootDirectory none
#      AllowTcpForwarding no

root@bar~]# grep bash /etc/shells | od -xc
0000000    622f    6e69    622f    7361    0a68
          /  b  i  n  /  b  a  s  h  \n
0000012

Likewise, there are no stray characters in /etc/passwd, shadow.

The only thing I have not tried is a restart. If this won't fix it, I would need to walk :(
Any other ideas?

Update: restart of sshd does not fix it. Interestingly it did _not_ kill my last session.

chrism01 02-03-2013 10:55 PM

Well, there are a few 'permissions' type things that might(?) trigger a similar msg

1. ownerships
2. perms
3. acls
4. SELinux
5. NIS
6. LDAP

You could check all relevant ones (eg you might or might not be using centralised auth ie NIS or LDAP)

also try
Code:

file /bin/bash

Hidden chars in /etc/passwd shell field?
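
The per-account checks suggested in this thread (the shell field in /etc/passwd, hidden characters in it, the shell binary itself, and its entry in /etc/shells), collected into one script. This is an added example and not part of any post; the function names, verdict strings and sample accounts are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): per-account login-shell checks.

# Print the login shell (7th field) of user $2 from passwd-format file $1.
shell_field() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# Succeed if $1 holds any byte other than printable, non-space ASCII.
has_hidden_chars() {
    [ $(printf '%s' "$1" | LC_ALL=C tr -d '[:graph:]' | wc -c) -gt 0 ]
}

# Print one verdict for user $1: no-such-user, hidden-chars, missing,
# not-executable, not-in-shells or ok. $2 and $3 override the file paths.
check_login_shell() {
    user=$1 passwd=${2:-/etc/passwd} shells=${3:-/etc/shells}
    awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$passwd" ||
        { echo no-such-user; return; }
    sh_path=$(shell_field "$passwd" "$user")
    [ -n "$sh_path" ] || sh_path=/bin/sh    # empty field means /bin/sh
    if has_hidden_chars "$sh_path"; then
        printf '%s' "$sh_path" | od -c >&2  # show the offending bytes
        echo hidden-chars; return
    fi
    [ -e "$sh_path" ] || { echo missing; return; }
    { [ -f "$sh_path" ] && [ -x "$sh_path" ]; } || { echo not-executable; return; }
    grep -qxF -- "$sh_path" "$shells" || { echo not-in-shells; return; }
    echo ok
}

# Constructed sample data: bob's shell path does not exist and carol's
# shell field ends in a carriage return that a plain `cat` would not show.
SAMPLE=$(mktemp -d)
printf '%s\n' 'alice:x:500:100::/home/alice:/bin/sh' \
              'bob:x:501:100::/home/bob:/nonexistent/bash' > "$SAMPLE/passwd"
printf 'carol:x:502:100::/home/carol:/bin/sh\r\n' >> "$SAMPLE/passwd"
printf '/bin/sh\n' > "$SAMPLE/shells"
for u in alice bob carol; do
    printf '%s: %s\n' "$u" "$(check_login_shell "$u" "$SAMPLE/passwd" "$SAMPLE/shells")"
done
```

On a live system, `check_login_shell <user>` with no further arguments reads /etc/passwd and /etc/shells directly; accounts served from NIS or LDAP are not covered because only the local file is parsed.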

pklausner 02-05-2013 09:33 AM

od showed no extra chars in the other files.
Perms on all the files and directories looked ok, didn't they?
ACLS. I do not knowingly use them.
SELinux. ditto.
NIS & LDAP: I don't use them and PAM does not refer to them.

Anyway. A reboot revealed even bigger problems, like:
Code:

Mounting local filesystems:  /sbin/mount.tmpfs: line 40: /bin/grep: Permission denied
...
/sbin/mount.tmpfs: line 51: /bin/mount: Permission denied
/sbin/mount.tmpfs: line 51: exec: /bin/mount: cannot execute: Permission denied
...
Starting ksmtuned: /usr/sbin/ksmtuned: line 44: awk: command not found
/usr/sbin/ksmtuned: line 48: KSM_SLEEP_MSEC * 16 * 1024 * 1024 / total: division by 0 (error token is "total")
/usr/sbin/ksmtuned: line 49: [: -le: unary operator expected
/usr/sbin/ksmtuned: line 133: touch: command not found

Just have not enough time to hunt down the root cause :(
I stored away an image for later contemplation and rebuilt from scratch...

Thanks for your tips anyway


All times are GMT -5.