cant ssh getting permission denied error.

dhar_bikramtm · 09-09-2019, 11:57 PM

After changing password a user complained he cant able to login. He is getting " permission denied ,try after some time " error.Other user able to do ssh.failed user is a old user and can do ssh in past.

Kindly help me from where to start ?

scasey · 09-10-2019, 02:17 AM

Is the user using the new password?
How was the password changed? By whom?

dhar_bikramtm · 09-10-2019, 02:41 AM

Quote:

Originally Posted by scasey

Is the user using the new password?
How was the password changed? By whom?

yes user is used new password and changed by him
but when i have changed his password ( by root ) still it i not working

chage :::

Last password change : Sep 09, 2019
Password expires : Oct 09, 2019
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 30
Number of days of warning before password expires : 7

passwd :

tamha500 PS 2019-09-09 0 30 7 -1 (Password set, SHA512 crypt.)

/var/log/secure :

Sep 9 16:16:20 mkc-web sshd[7074]: pam_unix(sshd:account): expired password for user tamha500 (password aged)
Sep 9 16:16:20 mkc-web sshd[7074]: Accepted password for tamha500 from 10.77.36.98 port 59717 ssh2
Sep 9 16:16:20 mkc-web sshd[7074]: pam_unix(sshd:session): session opened for user tamha500 by (uid=0)
Sep 9 16:16:43 mkc-web passwd: pam_unix(passwd:chauthtok): password changed for tamha500
Sep 9 16:17:02 mkc-web sshd[7074]: pam_unix(sshd:session): session closed for user tamha500
Sep 9 16:17:34 mkc-web sshd[7092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.36.98 user=tamha500
Sep 9 16:17:36 mkc-web sshd[7092]: Failed password for tamha500 from 10.77.36.98 port 59719 ssh2
Sep 9 16:20:57 mkc-web sshd[7186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.36.98 user=tamha500
Sep 9 16:20:59 mkc-web sshd[7186]: Failed password for tamha500 from 10.77.36.98 port 60504 ssh2
Sep 9 16:21:14 mkc-web sshd[7186]: Failed password for tamha500 from 10.77.36.98 port 60504 ssh2
Sep 9 16:31:18 mkc-web sshd[7419]: Invalid user tamha500. from 10.77.36.98
Sep 9 16:31:18 mkc-web sshd[7420]: input_userauth_request: invalid user tamha500.
Sep 9 16:31:35 mkc-web sshd[7419]: pam_succeed_if(sshd:auth): error retrieving information about user tamha500.
Sep 9 16:31:37 mkc-web sshd[7419]: Failed password for invalid user tamha500. from 10.77.36.98 port 45591 ssh2
Sep 9 16:32:36 mkc-web passwd: pam_unix(passwd:chauthtok): password changed for tamha500
Sep 9 16:32:54 mkc-web su: pam_unix(su:session): session opened for user tamha500 by dhar501(uid=0)
Sep 9 16:33:04 mkc-web su: pam_unix(su:session): session closed for user tamha500
Sep 9 16:49:48 mkc-web su: pam_tally2(su:auth): user tamha500 (1032) tally 5, deny 3
Sep 9 16:50:13 mkc-web su: pam_unix(su:auth): authentication failure; logname=dhar501 uid=1031 euid=0 tty=pts/0 ruser=dhar501 rhost= user=tamha500
Sep 9 16:53:35 mkc-web su: pam_tally2(su:auth): user tamha500 (1032) tally 6, deny 3
Sep 9 16:57:59 mkc-web usermod[8022]: lock user 'tamha500' password
Sep 9 16:58:51 mkc-web usermod[8029]: unlock user 'tamha500' password
Sep 9 16:59:21 mkc-web passwd: pam_unix(passwd:chauthtok): password changed for tamha500
Sep 9 16:59:49 mkc-web su: pam_unix(su:auth): authentication failure; logname=dhar501 uid=1031 euid=0 tty=pts/0 ruser=dhar501 rhost= user=tamha500
Sep 9 17:20:06 mkc-web sshd[8561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.77.36.98 user=tamha500
Sep 9 17:20:07 mkc-web sshd[8561]: Failed password for tamha500 from 10.77.36.98 port 55037 ssh2

scasey · 09-10-2019, 04:36 AM

Perhaps the password didn’t actually change because the new password doesn’t pass the password rules.
I had that problem once when the new password was too short. Got no indication that the change didn’t work, it just didn’t change.
Does the new password comply with the rules?

(That’s just a SWAG..)

dhar_bikramtm · 09-10-2019, 06:22 AM

Quote:

Originally Posted by scasey

Perhaps the password didn’t actually change because the new password doesn’t pass the password rules.
I had that problem once when the new password was too short. Got no indication that the change didn’t work, it just didn’t change.
Does the new password comply with the rules?

(That’s just a SWAG..)

new password has been in effect pls check the below line from /var/log/secure

Sep 9 16:32:36 mkc-web passwd: pam_unix(passwd:chauthtok): password changed for tamha500

TB0ne · 09-10-2019, 08:54 AM

Quote:

Originally Posted by dhar_bikramtm

new password has been in effect pls check the below line from /var/log/secure

Sep 9 16:32:36 mkc-web passwd: pam_unix(passwd:chauthtok): password changed for tamha500

Read the LQ Rules about not using text-speak. And since other users can log in, and you know this password (since you just changed it), have YOU tried to log in as that user, to see what happens?? Have you done any basic troubleshooting, such as asking that user how they're logging in, what password they're using, etc? Could very well be they have a password saved somewhere, and they're just hitting ENTER.

scasey · 09-10-2019, 02:26 PM

Quote:

Originally Posted by dhar_bikramtm

new password has been in effect pls check the below line from /var/log/secure

Sep 9 16:32:36 mkc-web passwd: pam_unix(passwd:chauthtok): password changed for tamha500

Yeah. That happened in the case I mentioned, too. As I recall there was an error in some obtuse log file that indicated the reason the password was rejected, but everything else look as if it had been changed.

Of course, in that case, the old password still worked, since it hadn't been changed and hadn't expired.

I suppose it's not unlike the "file not found" error one gets when the user simply doesn't have permission to access the file: "security by obscurity"