LinuxQuestions.org


DaveQB 11-16-2015 12:49 AM

ssh PasswordAuthentication scheme + Kerberos = invalid user
 
Hi,

I've spent the best part of the day on this.

Our service team are using an online service (ServiceNow) that needs to access a continuously updated file. I set them up a standard chroot sftp only account but this did not work.

Digging away these are the highlights:

I found in ssh debug mode there was a difference with this app than when a user logged in:

Code:

debug1: userauth-request for user servicenow2 service ssh-connection method password [preauth]

Code:

debug1: userauth-request for user servicenow service ssh-connection method none [preauth]

So it turns out we needed to enable "PasswordAuthentication" on the server for this account, as this online service sends the username and password rather than using an interactive login. Fair enough.

Next I found that in -ddd mode for ssh we had errors like this:

Code:

input_userauth_request: invalid user servicenow  [preauth]

So I created a local user on the server, used that and we had success.

So somehow using PasswordAuthentication breaks ssh and PAM/Kerberos.

Does anyone know how this works and why? It seems like PasswordAuthentication simply does a local user lookup and doesn't use PAM. Is there no setting for this?

Thanks for reading.
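
An added example, not part of the original post: a small Python triage script that correlates the sshd debug lines quoted above, showing per user which authentication methods were requested and whether sshd flagged the account as an invalid user. The function names and `SAMPLE_LOG` are assumptions for this example; the sample input is constructed from the three lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample input: the three sshd debug lines quoted in the post.
SAMPLE_LOG = """\
debug1: userauth-request for user servicenow2 service ssh-connection method password [preauth]
debug1: userauth-request for user servicenow service ssh-connection method none [preauth]
input_userauth_request: invalid user servicenow  [preauth]
"""

REQUEST_RE = re.compile(r"userauth-request for user (\S+) service (\S+) method (\S+)")
INVALID_RE = re.compile(r"input_userauth_request: invalid user (\S+)")


def summarize(log_text):
    """Return {user: {"methods": [...], "invalid": bool}} from sshd debug output."""
    users = defaultdict(lambda: {"methods": [], "invalid": False})
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            user, _service, method = m.groups()
            # Keep methods in first-seen order, without duplicates.
            if method not in users[user]["methods"]:
                users[user]["methods"].append(method)
            continue
        m = INVALID_RE.search(line)
        if m:
            users[m.group(1)]["invalid"] = True
    return dict(users)


def flagged_invalid(log_text):
    """Users sshd reported as invalid, mapped to the methods they requested."""
    return {user: info["methods"]
            for user, info in summarize(log_text).items()
            if info["invalid"]}


if __name__ == "__main__":
    for user, info in summarize(SAMPLE_LOG).items():
        state = "INVALID USER" if info["invalid"] else "ok"
        print(f"{user}: methods={','.join(info['methods'])} [{state}]")
```

For a user reported as invalid, running `getent passwd <user>` on the server shows whether the system's name service can resolve the account at all.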

