Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
09-02-2003, 06:38 AM #1
LQ Newbie, Registered: Sep 2003, Posts: 2
Redhat Linux login problem with non-root user
Hi there,
I have an SSH login problem with our newly installed RedHat Advanced Server 2.1 running on a Dell PowerEdge 1750. I CAN SSH into it if I log in as root; however, if I try to log in as a normal user, the error message 'connection closed' appears.
Has anybody encountered a similar problem? I don't think it's an ssh problem, as when I turn the sshd verbose level up to DEBUG, sshd is not complaining about anything. Instead, I believe it should have something to do with my PAM configuration, but I am new to PAM and cannot find anything wrong with those config files.
Here is my /etc/pam.d/sshd:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
And here is my /etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
Besides, when I SSH in as root, I can find the following messages in the sshd log, which are missing when I ssh in as a normal user:
PAM establishing creds
channel 0: rfd 7 isatty
fd 7 setting O_NONBLOCK
Thanks in advance for your enlightenment.

09-03-2003, 04:38 AM #2
Moderator, Registered: May 2001, Posts: 29,415
Haven't seen that prob. Checking these items next to what you've already shown would be the first things I'd do:
- SSH related: the /etc/ssh/ssh_ and sshd_ configs for DenyUsers or DenyGroups directives,
- PAM related: /etc/security/limits.conf for "login" directives for the user: if you limit those, make sure ssh-enabled users are allowed logins+1,
- TCP Wrappers: /etc/hosts.(deny|allow) for any IP, group or user based blocks.
Less common would be specific netfilter (iptables) rules using extensions like string or UID match, or IP blocks. While you're at it also check the users' ~/.ssh dir for right sig and config as well, even tho I can't imagine the problem to be in ~/.ssh.
If you ssh in as that user, specifying "-v -v -v" on the cmdline should give you all excessive and gory details of the connection and handshake buildup. Scrubbing IP addy's and posting the details *could* help.
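
The file checks listed in the reply above, collected into one shell function, as an added example that is not part of the thread. The names check_ssh_blocks and make_sample and the ROOT prefix argument are hypothetical; negated patterns, group membership, netfilter rules and ~/.ssh are not evaluated.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is a hypothetical prefix so the
# check can run on a copy of /etc; leave it empty to read the live files.
check_ssh_blocks() {
    user=$1 root=${2:-}
    cfg="$root/etc/ssh/sshd_config"
    if [ -r "$cfg" ]; then
        # Keywords are case-insensitive; USER@HOST patterns are cut to USER.
        awk 'tolower($1) ~ /^(deny|allow)users$/ {
                 for (i = 2; i <= NF; i++) print tolower($1), $i }' "$cfg" | {
            allow_seen=0 allowed=0
            while read -r key pat; do
                pat=${pat%%@*}
                case "$key:$user" in
                denyusers:$pat)  echo "sshd_config: DenyUsers matches $user" ;;
                allowusers:$pat) allow_seen=1 allowed=1 ;;
                allowusers:*)    allow_seen=1 ;;
                esac
            done
            if [ "$allow_seen" = 1 ] && [ "$allowed" = 0 ]; then
                echo "sshd_config: AllowUsers is set and $user is not listed"
            fi
        }
        grep -iE '^[[:space:]]*(deny|allow)groups[[:space:]]' "$cfg" |
            sed 's/^[[:space:]]*/sshd_config (group rule, compare with id): /'
    fi
    lim="$root/etc/security/limits.conf"
    if [ -r "$lim" ]; then
        # Fields: <domain> <type> <item> <value>; @name is a group domain.
        awk -v u="$user" '$1 !~ /^#/ && $3 ~ /^max(sys)?logins$/ &&
            ($1 == u || $1 == "*" || $1 ~ /^@/) { print "limits.conf: " $0 }' "$lim"
    fi
    for f in hosts.deny hosts.allow; do
        if [ -r "$root/etc/$f" ]; then
            # The daemon list is the part before the first colon.
            awk -F: -v f="$f" '$1 !~ /^[ \t]*#/ &&
                $1 ~ /(^|[ ,])(sshd|ALL)([ ,]|$)/ { print f ": " $0 }' "$root/etc/$f"
        fi
    done
    return 0
}
# Constructed sample tree for trying the function offline.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/ssh" "$d/etc/security"
    printf 'Port 22\nDenyUsers guest test*\n' > "$d/etc/ssh/sshd_config"
    printf '# comment\n*  -  maxlogins  1\n@dev  hard  nproc  50\n' > "$d/etc/security/limits.conf"
    printf 'sshd: 192.0.2.\nin.ftpd: ALL\n' > "$d/etc/hosts.deny"
    echo "$d"
}
```

Run `check_ssh_blocks someuser` as root to read the live files, or `check_ssh_blocks tester "$(make_sample)"` to see the output on the constructed tree.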
All times are GMT -5.