LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   SSH - cannot login as 1 particular user (https://www.linuxquestions.org/questions/linux-networking-3/ssh-cannot-login-as-1-particular-user-504609/)

pnellesen 11-24-2006 06:49 PM

SSH - cannot login as 1 particular user [SOLVED]
 
Quick summary - I have 1 user in particular who for some reason cannot login via SSH to my server. I have 2 other users that can login with no problems. This problem didn't manifest until I upgraded my Slackware install from 10.2 to 11. There were some "issues" ( ;) ) with that upgrade, but I thought I had worked them out... guess not :p

More detail:
I have 2 machines, one the server, one a client. Both these machines have a user called "pat". I'm logged into the client machine as "pat", and I'm trying to ssh to the server as "pat" as well: "pat@client: ssh pat@sshserver". It gets to "password" authentication, but my password is rejected. If I try to login as a different user: "pat@client: ssh user2@sshserver", I have no problems at all - user2's password is accepted just fine.

So - technically I CAN login to my ssh server (I know, I can just su to "pat" once I'm there) but I'm going nuts trying to figure out why I can't ssh in as that one user... If you want the ssh -v output, I can add that, but it doesn't really seem to tell a whole lot (i.e. it looks the same regardless of which user I'm trying to ssh in as...)

One final (probably dumb/obvious) question: Could this just be some weird problem with the "pat" user? Would regenerating this user have any effect? If so, how would I make sure that I don't lose the home directory or any permissions related to that user's uid?

Thanks in advance,

fordeck 11-24-2006 07:53 PM

Could you post the exact error message you get when you are denied access?

On sshserver, look at the file "/home/pat/.ssh/known_hosts" and look for an entry that begins with "<client machine name>,<client machine ip address>" that match your client machine. Let me know what you find.

Klesk1337 11-24-2006 08:27 PM

Maybe I'm way off here, but when SSHing from linux, don't you have to specify what user you want to log in as with the "-l" switch, else it defaults to root? Try using your root password to that machine and see if it works. If so, that might be your issue.

pnellesen 11-24-2006 09:38 PM

Quote:

Originally Posted by fordeck
On sshserver, look at the file "/home/pat/.ssh/known_hosts" and look for an entry that begins with "<client machine name>,<client machine ip address>" that match your client machine. Let me know what you find.

Ok - I don't see an entry for the client machine in "/home/pat/.ssh/known_hosts" - I do see the entries for the sshserver machine itself, however. They match the ips and names in my /etc/hosts file. In addition, I don't see any "known_hosts" files in the other users' .ssh directories (e.g. "/home/user2/.ssh")

Thanks,

fordeck 11-24-2006 10:05 PM

Just as a test you could try to rename the "/home/pat/.ssh/known_hosts" and then try to ssh again. If it doesn't work you can always put it back.

pnellesen 11-24-2006 10:17 PM

Yeah, just tried that. In fact, I renamed the entire .ssh directory entirely. Restarted SSHD. Still no luck. I'm stumped. Here's another weird thing - if I ssh in as "user2" , then do an "su - user3", I'm asked for user3's password, as expected. If I "su - pat" instead, I'm NOT asked for pat's password. This holds for any user I ssh in as. I'm beginning to suspect this isn't SSH related at all, except for the fact that I can physically login to the machine itself as "pat" with no problems. Are there any groups a user can belong to that might cause this behavior? "pat" is not a member of "root", but it is a member of several other groups. The other 2 users are only members of "users".

pnellesen 11-24-2006 10:49 PM

[SOLVED] - I reset the password for the user "pat". SSH logins work as expected now, as well as "su - pat". If possible would like to know an explanation for what might have happened.

Thanks for the help.

chort 11-24-2006 11:25 PM

Either the password hash for "pat" got corrupted on the server, or the password was removed entirely. If you could su to pat w/o a password, then it was the latter. If su to pat failed, then it was the former. SSH will prevent logins with null passwords by default.


All times are GMT -5. The time now is 12:30 PM.