Can't SSH as Apache user

GaijinPunch · 11-24-2005, 07:31 PM

Hey Kids:

I'm trying to SSH from MachineA to MachineB, as a common user. As user "gp", it works fine:
$ ssh abc@MachineB uptime
9:13am up 302 days, 4:32, 8 users, load average: 0.00, 0.00, 0.00

When I try it as the apache user (which needs to do it to get some data to display on a webpage), I get this:
ssh abc@MachineB uptime
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).

I'm not even prompted for a password. I get the same thing if I simply try to ssh as apache, and not as user "abc". As such, the problem must be on MachineA. Even so, I've checked everything on MachineB as well, and can't find anything wrong. I've copied $HOME/gp/.ssh/known_hosts to /home/httpd/.ssh/known_hosts --- this seems to be the issue though. If I remve the file, I get "Host key verification failed".

Slight Edit before I post:
It seems I can't SSH anywhere as Apache. I always get this annoying Permission denied (publickey,password,keyboard-interactive) message. If I remove the host from the known_hosts file, then I get the "Host key verification failed", regardless of the target machine.

FYI -- the gp user is not apart of any groups.

Any help?

FliesLikeABrick · 11-24-2005, 11:59 PM

does the apache user have a home folder? Is this how SSH acts when a user tries to login that doesn't have a home folder?

GaijinPunch · 11-25-2005, 12:04 AM

apache's home folder is /home/httpd. It's even got a .ssh folder w/ it's rsa key in there. If someone tries to login w/o a homedir, it just goes to the root and says it couldn't change directories to the non-existent homedir.

FliesLikeABrick · 11-25-2005, 12:05 AM

heh, alright... nevermind me, I've now learned something.. thanks and sorry for the clutter

abhijeetudas · 11-25-2005, 12:46 AM

Look @ the passwd file

Apache Users shell by default is /sbin/nologin

& it is recommended that you keep it that way!

GaijinPunch · 11-25-2005, 04:56 AM

Quote:

Originally posted by abhijeetudas
Look @ the passwd file
Apache Users shell by default is /sbin/nologin
& it is recommended that you keep it that way!

Yeah, well, I can't keep everyone happy. I either have to change the passwd file and fix this ssh issue, or make an sshd_config config change on some remote, and coincidentally very important routers.... and I've got people moaning on both sides of the iussue, so, here I am.

Anyways, I've had to change the shell to bash to figure out this ssh problem. Once it's sorted out and the script works, I'll change it back to /sbin/false, which was the default when apache was installed.

GaijinPunch · 11-27-2005, 05:47 PM

Nobody else wants to take a stab at this?