While logging in through root, I can log in. But if I try to log in through the "integ" user, I am unable to log in.
/var/log/secure messages:
Code:
May 20 15:25:23 punsyncserv su: pam_unix(su-l:session): session opened for user integ by root(uid=0)
May 20 15:29:44 punsyncserv su: pam_unix(su-l:session): session closed for user integ
May 20 15:32:59 punsyncserv groupadd[6888]: group added to /etc/group: name=integ, GID=1003
May 20 15:32:59 punsyncserv groupadd[6888]: group added to /etc/gshadow: name=integ
May 20 15:32:59 punsyncserv groupadd[6888]: new group: name=integ, GID=1003
May 20 15:34:37 punsyncserv su: pam_unix(su-l:session): session opened for user integ by root(uid=0)
May 20 15:35:34 punsyncserv su: pam_unix(su:session): session opened for user integ by integ(uid=0)
May 20 18:33:30 punsyncserv sshd[6777]: pam_unix(sshd:session): session closed for user root
May 20 18:33:30 punsyncserv su: pam_unix(su-l:session): session closed for user integ
May 21 06:09:10 punsyncserv login: pam_unix(remote:auth): check pass; user unknown
May 21 06:09:10 punsyncserv login: pam_unix(remote:auth): authentication failure; logname= uid=0 euid=0 tty=pts/8 ruser= rhost=sssuse10b1
May 21 06:09:10 punsyncserv login: pam_succeed_if(remote:auth): error retrieving information about user nightly
May 21 06:09:18 punsyncserv login: FAILED LOGIN 1 FROM sssuse10b1 FOR nightly, User not known to the underlying authentication module
May 21 06:09:43 punsyncserv rshd[9839]: pam_rhosts(rsh:auth): allowed access to nightly@sssuse10b1.vx.xx.com as integ
May 21 11:50:58 punsyncserv sshd[10806]: Failed password for integ from 172.31.48.28 port 49939 ssh2
May 21 11:51:05 punsyncserv sshd[10806]: Failed password for integ from 172.31.48.28 port 49939 ssh2
May 21 11:51:10 punsyncserv sshd[10806]: Failed password for integ from 172.31.48.28 port 49939 ssh2
May 21 11:59:19 punsyncserv sshd[10869]: Failed password for integ from 172.31.48.28 port 53831 ssh2
May 21 12:00:21 punsyncserv sshd[10869]: Failed password for integ from 172.31.48.28 port 53831 ssh2
May 21 12:00:59 punsyncserv sshd[10875]: Failed password for integ from 10.210.135.31 port 58103 ssh2
May 21 15:09:25 punsyncserv sshd[11410]: Connection closed by 172.31.48.15
May 21 15:11:31 punsyncserv sshd[11421]: Accepted password for root from 172.31.48.106 port 64479 ssh2
May 21 15:11:31 punsyncserv sshd[11421]: pam_unix(sshd:session): session opened for user root by (uid=0)
May 21 15:16:51 punsyncserv sshd[11457]: Connection closed by 172.31.48.106
May 21 15:47:08 punsyncserv sshd[11565]: Failed password for integ from 172.31.48.106 port 57542 ssh2
May 21 16:18:14 punsyncserv sshd[11691]: Accepted password for root from 172.31.48.15 port 51139 ssh2
May 21 16:18:14 punsyncserv sshd[11691]: pam_unix(sshd:session): session opened for user root by (uid=0)
I am assuming there is no limit on connections from a user to the server using ssh. Also, the output of /etc/passwd for the "integ" user is:
cat /etc/passwd|grep -i integ
integ:x:501:502::/home/integ:/bin/bash
cat /etc/group|grep -i integ
integ:x:1003:
Also, ssh -vvv output from the remote system:
Code:
ssh -vvv integ@punsyncserv.vx.xx.com
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to punsyncserv.vx.xx.com [10.209.11.90] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 139/256
debug2: bits set: 502/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host punsyncserv.vx.xx.com
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host punsyncserv.vx.xx.com
The authenticity of host 'punsyncserv.vx.xx.com (10.209.11.90)' can't be established.
RSA key fingerprint is 8f:ce:a5:24:13:34:34:1f:dc:9c:57:5b:09:15:2e:b2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'punsyncserv.vx.xx.com,10.209.11.90' (RSA) to the list of known hosts.
debug2: bits set: 538/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/identity ((nil))
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug3: Trying to reverse map address 10.209.11.90.
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found
debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug3: no such identity: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
integ@punsyncserv.vx.xx.com's password:
debug3: packet_send2: adding 64 (len 56 padlen 8 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
integ@punsyncserv.vx.xx.com's password:
debug3: packet_send2: adding 64 (len 56 padlen 8 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
integ@punsyncserv.vx.xx.com's password:
Can anyone help me troubleshoot this?
Thanks in advance.
Amit
Distribution: Mint Xfce, Korora Gnome3, Ubuntu Server NoGui,
Posts: 136
It seems like you don't have the appropriate key or, if not using keys, then you don't have a shadow password on the computer you're logging into. If you are using keys, the user's ssh key directory needs 700 permissions and obviously contain the key to be accessible, and the key itself plus the known_hosts files need 600 permissions for your user to be able to log in this way.
FYI: while I believe people on this forum to be trustworthy, I would still advise against posting output that includes your username, IP address and port. You are 1 brute force from being compromised. Even if using a key it is dangerous; unless that key also requires a strong passphrase it could be trouble.
Hi, a few more settings which may be required. I am yet to find a solution:
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
ls -l /etc/shadow
----------. 1 root root 818 May 6 2011 /etc/shadow
ls -l /etc/passwd
-rw-r--r-- 1 root root 1452 May 20 15:22 /etc/passwd
cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
cat /etc/pam.d/system-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
cat password-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
Authentication service cannot retrieve authentication info
You (integ) are not allowed to access to (crontab) because of pam configuration.
You have mail in /var/spool/mail/root
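The reply above raises the possibility that the account has no shadow password, and the posted passwd line gives integ a primary GID of 502 while the integ group is 1003. The following is an added example, not part of the thread, that cross-checks one account across the three files; `check_account` and `make_sample` are hypothetical names, and the sample shadow content is an assumption, since the thread does not show it.

```shell
#!/bin/sh
# Added example: cross-check one account across passwd, shadow and group files.
# Reading the real /etc/shadow requires root; paths are parameters so the
# check can be run against copies.

# check_account USER PASSWD SHADOW GROUP
# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.
check_account() {
    user=$1 passwd=$2 shadow=$3 group=$4 rc=0
    pw=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd")
    if [ -z "$pw" ]; then
        echo "passwd: no entry for $user"
        return 1
    fi
    pwfield=$(printf '%s\n' "$pw" | cut -d: -f2)
    gid=$(printf '%s\n' "$pw" | cut -d: -f4)
    # "x" in the passwd password field means the hash is kept in shadow.
    if [ "$pwfield" = "x" ]; then
        hash=$(awk -F: -v u="$user" '$1 == u { print $2; hit = 1; exit }
            END { if (!hit) print "MISSING" }' "$shadow")
        case $hash in
            MISSING)   echo "shadow: no entry for $user"; rc=1 ;;
            '')        echo "shadow: empty password field for $user"; rc=1 ;;
            '!'*|'*'*) echo "shadow: password for $user is locked or unset"; rc=1 ;;
        esac
    fi
    # The primary GID from passwd should resolve to a group.
    gname=$(awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$group")
    if [ -z "$gname" ]; then
        echo "group: primary GID $gid of $user is not defined"
        rc=1
    fi
    return $rc
}

# Constructed sample files. The integ lines for passwd and group are the ones
# posted in the thread; the shadow content is an assumption (root only).
make_sample() {
    printf 'root:x:0:0:root:/root:/bin/bash\ninteg:x:501:502::/home/integ:/bin/bash\n' > "$1/passwd"
    printf 'root:$6$constructedsalt$constructedhash:15000:0:99999:7:::\n' > "$1/shadow"
    printf 'root:x:0:\ninteg:x:1003:\n' > "$1/group"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_account integ "$tmp/passwd" "$tmp/shadow" "$tmp/group" ||
    echo "result: account database is inconsistent for integ"
rm -rf "$tmp"
```

On a live system, run it as root with `/etc/passwd`, `/etc/shadow` and `/etc/group` as the three file arguments.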