Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am having a weird issue with ssh. I have a user trying to ssh via putty from a windows server. When he tries to use his account, he keeps getting access denied (I just created his). I temporarily changed my user account password just to have him try that and rule out putty, and he's able to connect with my id.
My hosts.allow and hosts.deny are empty. There is an AllowUsers entry in the sshd_config file which I added him to and restarted ssh (service sshd restart). He's still getting access denied with his account, but he can still log in with my user account.
I know we should be using key authentication, but I just started here and have not implemented that yet.
Any ideas on why I'm getting access denied for his user account?
sshd[7638]: Failed password for jsmith from ::ffff:xxx.xx.xx.xx port 1055 ssh2 => I obviously x'd out the ip address and I'm definitely using the correct password
I'm having the EXACT same problem. commented out AllowUsers.. i've created and deleted multiple accounts, but only this one specific account is just flat out getting ACCESS DENIED every time. I'm so tired I've been working on this for hours Idk what to do. this post is kinda a placeholder for possible info by morning... if no response, I'll double post with some extra info too tired now though
Perhaps try deleting the .ssh directory for that user and see if that fixes it. Otherwise, I assume ssh is checking the password against /etc/shadow so maybe see if that user has something different than the other users have?
I tried commenting out permitrootlogin... nada. Here's a run down of what it looks like to login as the different users(via any ssh client really, but in this case copying out of putty).
Quote:
login as: payton
Debian GNU/Linux 6.0 \n \l
suck my d and b
payton@192.168.0.6's password:
Access denied
payton@192.168.0.6's password:
Quote:
login as: robert
Debian GNU/Linux 6.0 \n \l
suck my d and b
robert@192.168.0.6's password:
Linux cary 2.6.32-5-686 #1 SMP Mon Oct 3 04:15:24 UTC 2011 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have mail.
Last login: Tue Oct 18 09:00:05 2011 from 192.168.0.2
robert@cary:~$
Quote:
login as: meowlie
Debian GNU/Linux 6.0 \n \l
suck my d and b
meowlie@192.168.0.6's password:
Linux cary 2.6.32-5-686 #1 SMP Mon Oct 3 04:15:24 UTC 2011 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Oct 18 08:57:04 2011 from 192.168.0.2
meowlie@cary:~$
Quote:
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
#PermitRootLogin no
StrictModes yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#Allows specific users access. Comment if you want all users to access. bad idea
AllowUsers root robert meowlie payton
ClientAliveInterval 1200
ClientAliveCountMax 0
Banner /etc/issue
Last edited by evilmegaman; 10-18-2011 at 11:23 AM.
Well, /etc/sshd_config looks OK, as it should since other users can log in OK.
Things to try:
Triple check the password is correct! Reset it to something and make sure you can log in directly on the server
There's something wrong in the .ssh folder: mv /home/payton/.ssh /home/payton/ssh_backup
Check /etc/passwd and /etc/shadow and see if there's any difference between the payton and robert accounts
Last edited by phaemon; 10-19-2011 at 04:50 AM.
Reason: fixed spelling
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
make a change in this entry only if you are using RSA security authentication to connect via ssh
Code:
IgnoreRhosts no
RhostsRSAAuthentication yes
IgnoreUserKnownHosts no
rest everything seems fine
just restart ssh and check..!!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
