Passwordless ssh works. Normal login/ssh Fails.
Hi,
I have RHEL VMs. Everything used to work fine. But suddenly, I see that I am not able to ssh into the VM. It says Permission denied. I know that I am giving the correct password. So, I tried logging in through the console; that also failed. I have another VM from which I had configured passwordless ssh to this one. So, I tried ssh from that machine. This works. So, I logged in to the machine this way and changed the password (thinking somebody might have changed it), but logging in with the new password also fails. I tried changing the password from single user mode; again, the new password didn't work. Passwordless ssh (using public key) works though. Can somebody help me in figuring out what went wrong?
Regards,
Guru |
On the server, make sure the password is not locked for this user using
Code:
passwd -S username
If you find "L" or "LK" in the 2nd field of the above command's output, then the password for this user is locked. To unlock the password, run
Code:
passwd -u username |
Thanks for offering help. But it didn't work.
When I give passwd -S root, the output is
root PS 2012-11-06 0 99999 7 -1 (Password set, MD5 crypt.)
(No L or LK). Nevertheless I proceeded and gave passwd -u root.
Unlocking password for user root.
passwd: Success.
But still I am not able to log in by entering the password. (I even tried giving "Success." as the password :D) |
Did you make any changes in the /etc/ssh/sshd_config file? In this file, check the value of PermitRootLogin. It must be set to "yes", else root will not be allowed to log in through ssh.
|
No, I didn't change anything there. And PermitRootLogin is Yes. I checked /etc/hosts.allow /etc/hosts.deny. Both files don't have any entries. selinux is disabled, and iptables is off.
The following is the content of sshd_config. I don't see anything strange here. Please check if anything catches your eye.

#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
|
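Added example (editor's illustration, not part of any post in this thread): a shell helper that reads an sshd_config the way sshd does, using the first uncommented occurrence of a keyword and otherwise a default, and that checks the status field of `passwd -S`. The function names, the temp file and the trimmed sample are constructed here; the defaults passed in are the commented values shown in the posted file.

```shell
#!/bin/sh
# Added example: report the settings sshd actually uses for password logins.
# sshd keeps the first value it reads for a keyword; lines starting with '#'
# are comments, so a commented-out keyword means the default applies.

# effective_value FILE KEYWORD DEFAULT -> prints the value in effect
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                       # skip comments, blanks
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# password_path FILE -> "disabled", "pam" (handed to PAM) or "builtin"
password_path() {
    pw=$(effective_value "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    pam=$(effective_value "$1" UsePAM no | tr 'A-Z' 'a-z')
    if [ "$pw" != yes ]; then echo disabled
    elif [ "$pam" = yes ]; then echo pam
    else echo builtin
    fi
}

# is_locked "PASSWD_S_LINE" -> exit status 0 if the 2nd field is L or LK
is_locked() {
    case $(printf '%s\n' "$1" | awk '{ print $2 }') in
        L|LK) return 0 ;;
        *)    return 1 ;;
    esac
}

# Constructed sample: authentication-related lines taken from the post above.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
#UsePAM no
UsePAM yes
EOF

echo "PermitRootLogin: $(effective_value "$SAMPLE" PermitRootLogin yes)"
echo "password path:   $(password_path "$SAMPLE")"
is_locked 'root PS 2012-11-06 0 99999 7 -1 (Password set, MD5 crypt.)' \
    && echo "root: locked" || echo "root: not locked"
```

For the posted file this reports that PermitRootLogin is at its default rather than set explicitly, and that password logins are handed to PAM, so /etc/pam.d/sshd and the AUTHPRIV log are the next things to read.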
Checked by adding your configurations to /etc/ssh/sshd_config file and found it is working fine. So can you just do
Code:
service sshd restart |
Sorry for the late reply. I had actually given up on this. I had restarted the service several times. Nothing seems to work.
|
Can you create one more account in the same VM (ssh client PC), try to log in as this new user by providing the root password of the remote PC, and ensure that you can log in that way?
I don't know your current network setup in the VMs, i.e. NAT, Bridged, Host only etc. Are both IPs in the same network and able to ping from both sides? And also I don't know how many interfaces you have connected in the VMs. Check which interface is connected using
Code:
mii-tool
Code:
eth0: negotiated 100baseTx-FD flow-control, link ok
Are you able to log in locally on the ssh server itself?
Code:
ssh root@localhost
Can you post the output of the below command from the ssh server?
Code:
sestatus |
It has got nothing to do with the network. Not even the firewall. Something in the password authentication is screwed. I am not able to log in using any user, or from the same user to itself. However, if I configure passwordless ssh, all works (from the same machine/a different machine).
|