LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-12-2009, 11:06 PM   #1
sunchai
LQ Newbie
 
Registered: Jun 2009
Posts: 4

Rep: Reputation: 0
Smile Authentication fail to login in RHEL 5


I try to login with users in RHEL 5, and it popup "Authentication fail". But it work fine when login with root! When I check my System log: there are lots of login users that is not in my server. For example:
-----------------------------
Jun 7 05:44:50 nat sshd[27173]: input_userauth_request: invalid user aq
Jun 7 05:44:50 nat sshd[27173]: fatal: setegid 4294967295: Invalid argument
Jun 7 05:44:52 nat sshd[27176]: Invalid user aw from 192.168.1.1
Jun 7 05:44:52 nat sshd[27176]: Excess permission or bad ownership on file /var/log/btmp
Jun 7 05:44:52 nat sshd[27176]: input_userauth_request: invalid user aw
Jun 7 05:44:52 nat sshd[27176]: fatal: setegid 4294967295: Invalid argument
Jun 7 05:44:57 nat sshd[27179]: Invalid user ae from 192.168.1.1
Jun 7 05:44:57 nat sshd[27179]: Excess permission or bad ownership on file /var/log/btmp
Jun 7 05:44:57 nat sshd[27179]: input_userauth_request: invalid user ae
Jun 7 05:44:57 nat sshd[27179]: fatal: setegid 4294967295: Invalid argument
Jun 7 05:44:59 nat sshd[27182]: Invalid user ar from 192.168.1.1
Jun 7 05:44:59 nat sshd[27182]: Excess permission or bad ownership on file /var/log/btmp
Jun 7 05:44:59 nat sshd[27182]: input_userauth_request: invalid user ar
Jun 7 05:44:59 nat sshd[27182]: fatal: setegid 4294967295: Invalid argument
Jun 7 05:45:01 nat sshd[27185]: Invalid user at from 192.168.1.1
Jun 7 05:45:01 nat sshd[27185]: Excess permission or bad ownership on file /var/log/btmp
Jun 7 05:45:01 nat sshd[27185]: input_userauth_request: invalid user at
Jun 7 05:45:01 nat sshd[27185]: fatal: setegid 4294967295: Invalid argument
------------------
 
Old 06-13-2009, 12:54 AM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by sunchai
I try to login with users in RHEL 5, and it popup "Authentication fail". But it work fine when login with root!
It may be that the logs are trying to tell you something, eh? Here's how ownership/permissions look on my CentOS 5 server:
Code:
%ls -l /var/log/btmp 
-rw------- 1 root utmp 12288 Apr 17 13:17 /var/log/btmp
Quote:
Originally Posted by sunchai
When I check my System log: there are lots of login users that is not in my server. For example:
-----------------------------
Jun 7 05:44:50 nat sshd[27173]: input_userauth_request: invalid user aq
Jun 7 05:44:50 nat sshd[27173]: fatal: setegid 4294967295: Invalid argument
Jun 7 05:44:52 nat sshd[27176]: Invalid user aw from 192.168.1.1
It looks like you're forwarding requests from a NAT device to your (backend) server. You really need to disable that until you've secured things properly. A search for "hardening sshd" on this forum should help.
 
Old 06-15-2009, 01:46 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 17,954

Rep: Reputation: 2634Reputation: 2634Reputation: 2634Reputation: 2634Reputation: 2634Reputation: 2634Reputation: 2634Reputation: 2634Reputation: 2634Reputation: 2634Reputation: 2634
Certainly looks like an automated attack, looking at the usernames.
You should disable root ssh login anyway.
Use another non-priv user, then su or sudo to do root work.
 
Old 06-21-2009, 10:23 PM   #4
sunchai
LQ Newbie
 
Registered: Jun 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Smile

Thank you very much both anomie and chrism01. According to the new linux user, I decided to reinstall my RHEL again.
 
Old 06-22-2009, 04:53 AM   #5
vap16oct1984
Member
 
Registered: Jun 2009
Location: INDIA
Distribution: RHEL-5
Posts: 174
Blog Entries: 3

Rep: Reputation: 38
hey pls stop no need to reinstall linux. its so simple just tell me how are trying to login. i mean is this users are local user or u try to login through network.If network then pls elaborate.
 
Old 06-24-2009, 05:20 AM   #6
sunchai
LQ Newbie
 
Registered: Jun 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Only root can login while others cannot login from the login screen.
 
Old 06-24-2009, 05:38 AM   #7
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
When you say 'login screen' do mean the console, as in the display and keyboard actually plugged into the box, or over a network, like ssh?
 
Old 06-24-2009, 05:42 AM   #8
vap16oct1984
Member
 
Registered: Jun 2009
Location: INDIA
Distribution: RHEL-5
Posts: 174
Blog Entries: 3

Rep: Reputation: 38
still we are not sure what do u mean by login screen??? is it console ??? are u try to logon over network by using ssh or some other techaniccs???
 
Old 06-25-2009, 01:43 AM   #9
sunchai
LQ Newbie
 
Registered: Jun 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Yeap, it is the login console. I try to login with ssh which is fine when I login at server.
 
Old 06-25-2009, 02:14 AM   #10
vap16oct1984
Member
 
Registered: Jun 2009
Location: INDIA
Distribution: RHEL-5
Posts: 174
Blog Entries: 3

Rep: Reputation: 38
so whats the problem??? u can login so enjoy the work.
Others cannot login, for others users u have have generate ssh key

Ater generating ssh key others users can also login very easily.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RSA Key Authentication with SSH fail with no reply for publickey powah Linux - Security 2 11-18-2006 01:24 PM
Login problems with XDMCP from a pre-RHEL-4 client to a RHEL-4 server running KDE cspao Red Hat 0 07-21-2006 07:30 AM
Fail to install mod_jk2 on RHEL 4 AMD 64 ogross74 Red Hat 2 09-10-2005 08:40 AM
Squid monitoring and authentication on RHEL 3 ES jterr02 Linux - Enterprise 1 03-02-2005 01:44 AM
Graphical login fail, text login works livewire98801 Linux - General 2 10-11-2004 07:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration