LinuxQuestions.org


gurunarayanan 11-06-2012 05:44 AM

Passwordless ssh works. Normal login/ssh Fails.
 
Hi,
I have RHEL VMs. Everything used to work fine. But suddenly, I see that I am not able to ssh into the VM. It says Permission denied. I know that I am giving the correct password. So, I tried logging in through console, that also failed.
I have another VM from which I had configured passwordless ssh to this one. So, I try ssh from that machine. This works. So, I logged in to the machine this way and changed passwd (thinking somebody might have changed password), but logging in with new password also fails. I tried changing password from single user mode, again, the new password didn't work.
Passwordless ssh (using public key) works though. Can somebody help me in figuring out what went wrong?

Regards,
Guru

mandyapenguin 11-06-2012 06:24 AM

In server make sure whether password is not locked for this user using
Code:

passwd -S username
as root user.
If you find as "L" or "LK" in the 2nd field from the above command's output then password for this user is locked. To unlock the password run
Code:

passwd -u username

gurunarayanan 11-06-2012 06:39 AM

Thanks for offering help. But it didn't work.
When I give passwd -S root, the output is
root PS 2012-11-06 0 99999 7 -1 (Password set, MD5 crypt.)
(No L or LK). Nevertheless I proceeded and gave passwd -u root.
Unlocking password for user root.
passwd: Success.

But still I am not able to login by entering password. (I even tried giving "Success." as password :D)

shivaa 11-06-2012 07:03 AM

Did you make any changes in /etc/ssh/sshd_config file? In this file, once check the value of PermitRootLogin. It must be set to "yes", else root will not be allowed to login through ssh.

gurunarayanan 11-06-2012 07:19 AM

No, I didn't change anything there. And PermitRootLogin is Yes. I checked /etc/hosts.allow /etc/hosts.deny. Both files don't have any entries. selinux is disabled, and iptables is off.

The following is the content of sshd_config. I don't see anything strange here. Please check if something falls in your eyes.
#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
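
Added example (not part of any post in this thread): in the file posted above, most lines are commented-out defaults, and sshd uses the first value it obtains for a keyword. This sketch lists the active value of the password-related keywords; the function names are hypothetical, the sample is a constructed excerpt of the posted file, and keywords are assumed to be whitespace-separated from their values.

```shell
#!/bin/sh
# Added example: report the active value of password-related sshd_config keywords.

# Constructed excerpt made of lines copied from the sshd_config posted above.
sample_config() {
    cat <<'EOF'
#PermitRootLogin yes
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
#UsePAM no
UsePAM yes
EOF
}

# $1 = keyword (case-insensitive), stdin = sshd_config text.
# Prints the first uncommented value, or a marker when only the default applies.
active_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/    { next }   # blank line or comment: not a setting
        tolower($1) == "match"  { exit }   # Match blocks are conditional; stop there
        tolower($1) == want     { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { if (!found) print "(compiled-in default)" }
    '
}

# stdin = sshd_config text. Prints one line per keyword on the password path.
auth_report() {
    cfg=$(cat)
    for kw in PermitRootLogin PasswordAuthentication PermitEmptyPasswords \
              ChallengeResponseAuthentication UsePAM; do
        printf '%-32s %s\n' "$kw" "$(printf '%s\n' "$cfg" | active_value "$kw")"
    done
}

sample_config | auth_report
```

On a server, run `auth_report < /etc/ssh/sshd_config`. With `UsePAM yes`, sshd hands password checks to PAM, while public-key authentication does not go through the PAM auth stack.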

mandyapenguin 11-06-2012 09:05 AM

Checked by adding your configurations to /etc/ssh/sshd_config file and found it is working fine. So can you just do
Code:

service sshd restart
and recheck it again?

gurunarayanan 11-07-2012 11:30 AM

Sorry for the late reply. I had actually given up on this. I had restarted the service several times. Nothing seems to work.

mandyapenguin 11-08-2012 01:46 AM

Quote:

I have RHEL VMs. Everything used to work fine. But suddenly, I see that I am not able to ssh into the VM. It says Permission denied. I know that I am giving the correct password. So, I tried logging in through console, that also failed.
Are you able to login to ssh server using other username of ssh server?
Can you create one more account in the same VM(ssh client PC), and try to login by providing root's password of remote PC using this new user, and ensure that you can login to that?

I don't know your current network setup in VMs, i.e. NAT, Bridged, Host only etc.
Are both IPs in the same network and able to ping from both sides?
And also I don't know how many interfaces you have connected in VMs. Check which interface is connected using
Code:

mii-tool
command, then you may get output like below
Code:

eth0: negotiated 100baseTx-FD flow-control, link ok
eth3: no link

Then make sure whether connected interface IP is correct.

Are you able to login locally in ssh server itself?
Code:

ssh root@localhost
Quote:

I have another VM from which I had configured passwordless ssh to this one. So, I try ssh from that machine. This works.
Can you create one more account in that VM(ssh client PC), and try to login by providing root's password of remote PC using that new user, and ensure that you can login to that?
Can you post the below command's output of ssh server
Code:

sestatus
service iptables status
iptables -L
netstat -ntuelp | grep ssh


gurunarayanan 11-08-2012 04:03 AM

It has got nothing to do with network. Not even firewall. Something on the password authentication is screwed. I am not able to login using any user, or from the same user to itself. However, if I configure passwordless ssh, all works (from same machine/different machine).

shivaa 11-08-2012 04:42 AM

Quote:

Originally Posted by gurunarayanan (Post 4824819)
It has got nothing to do with network. Not even firewall. Something on the password authentication is screwed. I am not able to login using any user, or from the same user to itself. However, if I configure passwordless ssh, all works (from same machine/different machine).

Once look into the /etc/shadow file on the system in which you're trying to login. The second field of this file, against every username, contains the encrypted password for its corresponding username. So if there's really some problem with the password, then the shadow file's second field will look weird (containing a long string of unusual dizzy characters). And if it is, then manually edit the /etc/shadow file and remove its second field for affected accounts & leave the 2nd, i.e. password, field empty. Then again change the password using the "passwd <username>" command and try to login into that machine from some remote machine using the new password. Hope it will help!
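
Added example (not part of any post in this thread): a small classifier for the second field of shadow-format lines, covering the states that `passwd -S` and the /etc/shadow check above are looking for. The function names are hypothetical and the sample entries are constructed, with placeholder strings instead of real hashes.

```shell
#!/bin/sh
# Added example: classify the second field of shadow(5)-format lines.

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$1$CONSTRUCTED$placeholderplaceholder00:15650:0:99999:7:::
alice:!!$6$CONSTRUCTED$placeholderplaceholder00:15650:0:99999:7:::
daemon:*:15000:0:99999:7:::
guest::15650:0:99999:7:::
EOF
}

# $1 = password field. Prints one word describing its state.
classify_field() {
    case "$1" in
        '')      echo empty ;;        # no password at all (passwd -S: NP)
        '!'*)    echo locked ;;       # '!' or '!!' prefix (passwd -S: LK)
        '*'*)    echo nologin ;;      # no valid hash, password login impossible
        '$1$'*)  echo md5crypt ;;     # matches "Password set, MD5 crypt." in the thread
        '$5$'*)  echo sha256crypt ;;
        '$6$'*)  echo sha512crypt ;;
        *)       echo other ;;        # DES or a scheme not listed here
    esac
}

# stdin = shadow-format lines. Prints "user state" for each entry.
audit_shadow() {
    while IFS=: read -r user field rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

sample_shadow | audit_shadow
```

As root, `audit_shadow < /etc/shadow` runs the same check on a live system. An entry reported as `empty` has no password at all, so that state should only exist for the moment between editing the file and running `passwd`.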


All times are GMT -5.