LinuxQuestions.org
Old 09-09-2010, 11:47 AM   #1
paziulek
Member
 
Registered: Mar 2009
Location: N.C.
Distribution: "gentoo|debian|arch"
Posts: 106

Rep: Reputation: 11
cannot login via ssh on a single, non root account - telnet ok


a user called, cannot login - forgot the password - common case ( 200 user system )- but this one seems to be a bit different:

user tries to log in via ssh - login/passwd incorrect,
via telnet - no problem

tried a few different users on ssh - no problem...

It seems the access denied applies to just a single, standard user account - only via ssh, all other users are able to login...

tried also to change the passwd, no difference.

beside re-creating the account, can you think about anything else?

system: RHEL AS3, 2.4.21-51ELsmp


Thanks!

Last edited by paziulek; 09-09-2010 at 11:48 AM.
 
Old 09-09-2010, 12:46 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615
What does /var/log/secure say?
 
Old 09-09-2010, 01:14 PM   #3
paziulek
Member
 
Registered: Mar 2009
Location: N.C.
Distribution: "gentoo|debian|arch"
Posts: 106

Original Poster
Rep: Reputation: 11
Code:
 Failed password for illegal user [ login ] from [ IP } port [ portno ] ssh2
 User [ login ] not allowed because shell /bin/bash  does not exist
the /bin/bash error is a good joke...
the shell for every human on this system is /bin/bash...
only that specific user has the missing bash error

does not seem a file/dir permission... this was not changed since the system's install in 2006.. verified

the challenge/handshake/protocol negotiation on ssh finishes before the user login/password prompt,
so this should not be the problem... but it is still ssh related.

Quote:
Originally Posted by AlucardZero View Post
What does /var/log/secure say?

Last edited by paziulek; 09-09-2010 at 01:33 PM.
 
Old 09-09-2010, 01:19 PM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,520

Rep: Reputation: 7944
Quote:
Originally Posted by paziulek View Post
Code:
 Failed password for illegal user [ login ] from [ IP } port [ portno ] ssh2
 User [ login ] not allowed because shell /bin/bash  does not exist
the /bin/bash error is a good joke...

the shell for every human on this system is /bin/bash...
Hmm....check the permissions on the /etc/shells file. Also, check IN that file, and make sure that /bin/bash is in there. And check the permissions on the /etc directory itself. Used to be, when installing portsentry, it would change permissions to "700", owned by root:root, so NO ONE but root could log in (couldn't access files in /etc). I've seen situations where if the file can't be accessed, it causes problems. Could be this one user is in a different group, or just ONE group, and doesn't have access to read down into /etc/....

You're running an old kernel/system, too, and I'm sure you've gotten the "upgrade it" speech before....
 
Old 09-09-2010, 01:30 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
For everyone's edification, at least do:

$ file /bin/bash && ls -l /bin/bash

I know RHEL3 versions of openssh did not support it, but are you trying to chroot the user? Also, are you doing anything strange in his ~/.bash_profile, ~/.bash_login, ~/.profile, or ~/.bashrc?
 
Old 09-09-2010, 01:43 PM   #6
paziulek
Member
 
Registered: Mar 2009
Location: N.C.
Distribution: "gentoo|debian|arch"
Posts: 106

Original Poster
Rep: Reputation: 11
Thank you for your response, I double checked, but none of the "globals" is the case, otherwise me, and other 199 users would not be able to log-in. there is just ONE standard 'users' group, and the "stubborn" user belongs also to it... yes, this is a controlled environment, database: PICK style ( 5y old release ) and software written for it is between 0 and 30 years old... hopefully next year we can go with 2.6 series kernel...

Thank you!


Quote:
Originally Posted by TB0ne View Post
Hmm....check the permissions on the /etc/shells file. Also, check IN that file, and make sure that /bin/bash is in there. And check the permissions on the /etc directory itself. Used to be, when installing portsentry, it would change permissions to "700", owned by root:root, so NO ONE but root could log in (couldn't access files in /etc). I've seen situations where if the file can't be accessed, it causes problems. Could be this one user is in a different group, or just ONE group, and doesn't have access to read down into /etc/....

You're running an old kernel/system, too, and I'm sure you've gotten the "upgrade it" speech before....
 
Old 09-09-2010, 01:56 PM   #7
paziulek
Member
 
Registered: Mar 2009
Location: N.C.
Distribution: "gentoo|debian|arch"
Posts: 106

Original Poster
Rep: Reputation: 11
Hello, I can su without a problem, but cannot pass login process on ssh.
no, I do not chroot, the ~/. files are customized to work with PICK, but, they are being read past the login process, and ENVs being applied to both telnet and ssh sessions in the same way...
after Access denied, there is no ~/. files being accessed...

I do not want to just re-create this user, since next time I will end up with re-creating 200, and this will not be fun, since all of them have a bit different ~/.profile's ( each have a different database port number - a "virtual" port )

thank you!

Quote:
Originally Posted by anomie View Post
For everyone's edification, at least do:

$ file /bin/bash && ls -l /bin/bash

I know RHEL3 versions of openssh did not support it, but are you trying to chroot the user? Also, are you doing anything strange in his ~/.bash_profile, ~/.bash_login, ~/.profile, or ~/.bashrc?
 
Old 09-09-2010, 02:00 PM   #8
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
For the hell of it, try:
# chsh -s /bin/bash <borked_user_here>

Perhaps there is a bad (unprintable) character in his shell, and we are not seeing it in the log.
 
Old 09-09-2010, 02:25 PM   #9
paziulek
Member
 
Registered: Mar 2009
Location: N.C.
Distribution: "gentoo|debian|arch"
Posts: 106

Original Poster
Rep: Reputation: 11
Thanks for your suggestion... same result..
I also tried to log in from 3 different stations via ssh, using the same login, different ssh clients... works only via telnet... there is no limit on concurrent connections, no idea.. but still trying,

and the .profile does not have 'echo "Access denied";exit'

maybe openssh just hates that user (a scary thought)


Thanks!

ps: I'd rather restart the system than re-create the account... might work or not, but at least ( I hope ) I will know what ground I am walking on.. It has a maintenance scheduled for Friday evening... I will let you know if that busted the ghost



Quote:
Originally Posted by anomie View Post
For the hell of it, try:
# chsh -s /bin/bash <borked_user_here>

Perhaps there is a bad (unprintable) character in his shell, and we are not seeing it in the log.

Last edited by paziulek; 09-09-2010 at 02:43 PM.
 
Old 09-13-2010, 10:10 PM   #10
mcd
Member
 
Registered: Aug 2003
Location: Denver, CO
Distribution: CentOS, Debian
Posts: 825

Rep: Reputation: 33
Well, you can restrict individual accounts or groups in the /etc/ssh/sshd_config file, but I don't think that would result in the error about missing /bin/bash. Hmm. Have you tried just temporarily moving the user's home directory? I mean, you don't have to remove or re-create the account, just move the home directory, try to log in, and then move it back. I'd be interested to know if that worked. Oh, and how thoroughly have you checked the /etc/passwd file for typos?
 
Old 09-14-2010, 08:14 AM   #11
paziulek
Member
 
Registered: Mar 2009
Location: N.C.
Distribution: "gentoo|debian|arch"
Posts: 106

Original Poster
Rep: Reputation: 11
Thank you mcd and ALL,

well, it is for me an unusual behavior, when telnet works ( used by about 40 users ), and ssh ( about 150 ), a passwd, permission, or profile(s) change could result in failed login on both services for that specific user - unless it is a ssh specific per user, custom configuration - none of this is being done...
I did not do any more troubleshooting ( I could still restart sshd, or re-create the user and re-do the custom .profile ). the system maintenance was done on last Friday, system restarted, and I checked the ssh on that specific user... and it worked.(!@#$&!???).. so probably restarting sshd would also fix it... why? a bug in sshd that exposes itself in 1 of 1M logins - no idea. I might not see this ever again ( I hope I do not have to deal with RHEL 3 for more than I expect ;] )

Thank you ALL for all your suggestions!

and have a good day and low iowait!

paziulek




Quote:
Originally Posted by mcd View Post
Well, you can restrict individual accounts or groups in the /etc/ssh/sshd_config file, but I don't think that would result in the error about missing /bin/bash. Hmm. Have you tried just temporarily moving the user's home directory? I mean, you don't have to remove or re-create the account, just move the home directory, try to log in, and then move it back. I'd be interested to know if that worked. Oh, and how thoroughly have you checked the /etc/passwd file for typos?
 
Old 09-14-2010, 09:44 AM   #12
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,520

Rep: Reputation: 7944
Thanks for posting a follow-up...was very curious as to what you'd find. STILL curious as to what caused this, as I'm sure you are. Glad you're all set, though.
 
Old 02-01-2013, 10:08 AM   #13
pklausner
LQ Newbie
 
Registered: Dec 2012
Posts: 7

Rep: Reputation: Disabled
I have a similar problem with RHEL6:
remote login via ssh fails for all users. I reloaded sshd with debug logging from my last available terminal (which proves it did work!) and find this for all users:

Code:
 sshd[12857]: User foobar not allowed because shell /bin/bash does not exist
All relevant files look ok to me, they are plain default from a fresh install:

Code:
root@bar~# ls -l /bin/bash
-rwxr-xr-x. 1 root root 939824 Jan 27  2011 /bin/bash

root@bar~# ls -ld /bin
dr-xr-xr-x. 2 root root 4096 Jan 15 11:47 /bin

root@bar~# egrep -i 'root|allow|deny' /etc/ssh/sshd_config
#PermitRootLogin yes
# be allowed through the ChallengeResponseAuthentication and
# the setting of "PermitRootLogin without-password".
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#ChrootDirectory none
#       AllowTcpForwarding no

root@bar~]# grep bash /etc/shells | od -xc
0000000    622f    6e69    622f    7361    0a68
          /   b   i   n   /   b   a   s   h  \n
0000012
Likewise, there are no stray characters in /etc/passwd, shadow.

The only thing I have not tried is a restart. If this won't fix it, I would need to walk
Any other ideas?

Update: restart of sshd does not fix it. Interestingly it did _not_ kill my last session.

Last edited by pklausner; 02-01-2013 at 10:21 AM. Reason: Update:
 
Old 02-03-2013, 10:55 PM   #14
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,342

Rep: Reputation: 2746
Well, there are a few 'permissions' type things that might(?) trigger a similar msg

1. ownerships
2. perms
3. acls
4. SELinux
5. NIS
6. LDAP

You could check all relevant ones (eg you might or might not be using centralised auth ie NIS or LDAP)

also try
Code:
file /bin/bash

Hidden chars in /etc/passwd shell field?
 
Old 02-05-2013, 09:33 AM   #15
pklausner
LQ Newbie
 
Registered: Dec 2012
Posts: 7

Rep: Reputation: Disabled
od showed no extra chars in the other files.
Perms on all the files and directories looked ok, didn't they?
ACLS. I do not knowingly use them.
SELinux. ditto.
NIS & LDAP: I don't use them and PAM does not refer to them.

Anyway. A reboot revealed even bigger problems, like:
Code:
Mounting local filesystems:  /sbin/mount.tmpfs: line 40: /bin/grep: Permission denied
...
/sbin/mount.tmpfs: line 51: /bin/mount: Permission denied
/sbin/mount.tmpfs: line 51: exec: /bin/mount: cannot execute: Permission denied
...
Starting ksmtuned: /usr/sbin/ksmtuned: line 44: awk: command not found
/usr/sbin/ksmtuned: line 48: KSM_SLEEP_MSEC * 16 * 1024 * 1024 / total: division by 0 (error token is "total")
/usr/sbin/ksmtuned: line 49: [: -le: unary operator expected
/usr/sbin/ksmtuned: line 133: touch: command not found
Just have not enough time to hunt down the root cause
I stored away an image for later contemplation and rebuilt from scratch...

Thanks for your tips anyway

Last edited by pklausner; 02-05-2013 at 09:34 AM. Reason: Important detail: the system failed to boot!
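
An added example, not code from any poster in this thread: OpenSSH logs "shell ... does not exist" whenever stat() on the account's passwd shell field fails, for any reason, and "shell ... is not executable" when the target is not a regular file with an execute bit. The sketch below repeats that test by hand together with the hidden-character check suggested in posts #8 and #14; the function names and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: repeat by hand the test behind sshd's
# "not allowed because shell ... does not exist" log line.

# Field 7 of a passwd(5) line; like sshd, an empty field means /bin/sh.
shell_field() {
    s=$(printf '%s\n' "$1" | cut -d: -f7)
    printf '%s' "${s:-/bin/sh}"
}

# Count bytes in $1 that are not printable ASCII (CR, ESC, NBSP, ...).
nonprintable_count() {
    n=$(printf '%s' "$1" | LC_ALL=C tr -d '[:print:]' | wc -c)
    echo $((n))
}

# Walk the path as stat(2) must: every parent a searchable directory,
# the target a regular file with an execute bit. Prints one verdict.
check_shell() {
    path=$1; dir=
    case $path in /*) ;; *) echo "not-absolute"; return 1 ;; esac
    rest=${path#/}
    while [ "${rest#*/}" != "$rest" ]; do
        dir="$dir/${rest%%/*}"; rest=${rest#*/}
        [ -d "$dir" ] || { echo "no-such-dir:$dir"; return 1; }
        [ -x "$dir" ] || { echo "unsearchable:$dir"; return 1; }
    done
    [ -e "$path" ] || { echo "missing"; return 1; }
    [ -f "$path" ] || { echo "not-regular"; return 1; }
    [ -x "$path" ] || { echo "not-executable"; return 1; }
    echo "ok"
}

# One line per account: "<user> <verdict> hidden=<count>".
audit_line() {
    sh_path=$(shell_field "$1")
    verdict=$(check_shell "$sh_path") || :
    echo "${1%%:*} $verdict hidden=$(nonprintable_count "$sh_path")"
}

# Constructed sample lines (not from the thread). The second shell field
# ends in a carriage return, which a terminal or syslog will not show.
CR=$(printf '\r')
audit_line "alice:x:500:100::/home/alice:/bin/sh"
audit_line "bob:x:501:100::/home/bob:/bin/sh$CR"
```

Run it as root, the account sshd performs this check under, feeding it `getent passwd` output one line at a time. On an SELinux system a denial also surfaces as a failed stat, so compare `ls -Z` on the shell as well.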
 
  

