cannot login via ssh on a single, non root account - telnet ok
Failed password for illegal user [ login ] from [ IP } port [ portno ] ssh2
User [ login ] not allowed because shell /bin/bash does not exist
the /bin/bash error is a good joke...
the shell for every human on this system is /bin/bash...
only that specific user has the missing bash error
does not seem a file/dir permission... this was not changed since the system's install in 2006.. verified
the challenge/handshake/protocol negotiation on ssh finishes before the user login/password prompt,
so this should not be the problem... but it is still ssh related.
Hmm....check the permissions on the /etc/shells file. Also, check IN that file, and make sure that /bin/bash is in there. And check the permissions on the /etc directory itself. Used to be, when installing portsentry, it would change permissions to "700", owned by root:root, so NO ONE but root could log in (couldn't access files in /etc). I've seen situations where if the file can't be accessed, it causes problems. Could be this one user is in a different group, or just ONE group, and doesn't have access to read down into /etc/....
You're running an old kernel/system, too, and I'm sure you've gotten the "upgrade it" speech before....
I know RHEL3 versions of openssh did not support it, but are you trying to chroot the user? Also, are you doing anything strange in his ~/.bash_profile, ~/.bash_login, ~/.profile, or ~/.bashrc?
Thank you for your response, I double checked, but none of the "globals" is the case, otherwise me, and other 199 users would not be able to log-in. there is just ONE standard 'users' group, and the "stubborn" user belongs also to it... yes, this is a controlled environment, database: PICK style ( 5y old release ) and software written for it is between 0 and 30 years old... hopefully next year we can go with 2.6 series kernel...
Thank you!
Quote:
Originally Posted by TB0ne
Hmm....check the permissions on the /etc/shells file. Also, check IN that file, and make sure that /bin/bash is in there. And check the permissions on the /etc directory itself. Used to be, when installing portsentry, it would change permissions to "700", owned by root:root, so NO ONE but root could log in (couldn't access files in /etc). I've seen situations where if the file can't be accessed, it causes problems. Could be this one user is in a different group, or just ONE group, and doesn't have access to read down into /etc/....
You're running an old kernel/system, too, and I'm sure you've gotten the "upgrade it" speech before....
Hello, I can su without a problem, but cannot pass login process on ssh.
no, I do not chroot, the ~/. files are customized to work with PICK, but, they are being read past the login process, and ENVs being applied to both telnet and ssh sessions in the same way...
after Access denied, there is no ~/. files being accessed...
I do not want to just re-create this user, since next time I will end up with re-creating 200, and this will not be fun, since all of them have a bit different ~/.profile's ( each have a different database port number - a "virtual" port )
thank you!
Quote:
Originally Posted by anomie
For everyone's edification, at least do:
$ file /bin/bash && ls -l /bin/bash
I know RHEL3 versions of openssh did not support it, but are you trying to chroot the user? Also, are you doing anything strange in his ~/.bash_profile, ~/.bash_login, ~/.profile, or ~/.bashrc?
Thanks for your suggestion... same result..
I also tried to log in from 3 different stations via ssh, using the same login, different ssh clients... works only via telnet... there is no limit on concurrent connections, no idea.. but still trying,
and the .profile does not have 'echo "Access denied";exit'
maybe openssh just hates that user (a scary thought)
Thanks!
ps: I rather restart the system than re-create the account... might work or not, but at least ( I hope ) I will know at what ground I am walking on.. It has a maintenance scheduled for Friday evening... I will let you know if that busted the ghost
Quote:
Originally Posted by anomie
For the hell of it, try: # chsh -s /bin/bash <borked_user_here>
Perhaps there is a bad (unprintable) character in his shell, and we are not seeing it in the log.
Well, you can restrict individual accounts or groups in the /etc/ssh/sshd_config file, but I don't think that would result in the error about missing /bin/bash. Hmm. Have you tried just temporarily moving the user's home directory? I mean, you don't have to remove or re-create the account, just move the home directory, try to log in, and then move it back. I'd be interested to know if that worked. Oh, and how thoroughly have you checked the /etc/passwd file for typos?
well, it is for me an unusual behavior, when telnet works ( used by about 40 users ), and ssh ( about 150 ), a passwd, permission, or profile(s) change could result in failed login on both services for that specific user - unless it is a ssh specific per user, custom configuration - none of this is being done...
I did not do any more troubleshooting ( I could still restart sshd, or re-create the user and re-do the custom .profile ). the system maintenance was done on last Friday, system restarted, and I checked the ssh on that specific user... and it worked.(!@#$&!???).. so probably restarting sshd would also fix it... why? a bug in sshd that exposes itself in 1 of 1M logins - no idea. I might not see this ever again ( I hope I do not have to deal with RHEL 3 for more than I expect ;] )
Thank you ALL for all your suggestions!
and have a good day and low iowait!
paziulek
Quote:
Originally Posted by mcd
Well, you can restrict individual accounts or groups in the /etc/ssh/sshd_config file, but I don't think that would result in the error about missing /bin/bash. Hmm. Have you tried just temporarily moving the user's home directory? I mean, you don't have to remove or re-create the account, just move the home directory, try to log in, and then move it back. I'd be interested to know if that worked. Oh, and how thoroughly have you checked the /etc/passwd file for typos?
Thanks for posting a follow-up...was very curious as to what you'd find. STILL curious as to what caused this, as I'm sure you are. Glad you're all set, though.
I have a similar problem with RHEL6:
remote login via ssh fails for all users. I reloaded sshd with debug logging from my last available terminal (which proves it did work!) and find this for all users:
Code:
sshd[12857]: User foobar not allowed because shell /bin/bash does not exist
All relevant files look ok to me, they are plain default from a fresh install:
Code:
root@bar~# ls -l /bin/bash
-rwxr-xr-x. 1 root root 939824 Jan 27 2011 /bin/bash
root@bar~# ls -ld /bin
dr-xr-xr-x. 2 root root 4096 Jan 15 11:47 /bin
root@bar~# egrep -i 'root|allow|deny' /etc/ssh/sshd_config
#PermitRootLogin yes
# be allowed through the ChallengeResponseAuthentication and
# the setting of "PermitRootLogin without-password".
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#ChrootDirectory none
# AllowTcpForwarding no
root@bar~]# grep bash /etc/shells | od -xc
0000000 622f 6e69 622f 7361 0a68
/ b i n / b a s h \n
0000012
Likewise, there are no stray characters in /etc/passwd, shadow.
The only thing I have not tried is a restart. If this won't fix it, I would need to walk
Any other ideas?
Update: restart of sshd does not fix it. Interestingly it did _not_ kill my last session.
Last edited by pklausner; 02-01-2013 at 10:21 AM.
Reason: Update:
od showed no extra chars in the other files.
Perms on all the files and directories looked ok, didn't they?
ACLS. I do not knowingly use them.
SELinux. ditto.
NIS & LDAP: I don't use them and PAM does not refer to them.
Anyway. A reboot revealed even bigger problems, like:
Code:
Mounting local filesystems: /sbin/mount.tmpfs: line 40: /bin/grep: Permission denied
...
/sbin/mount.tmpfs: line 51: /bin/mount: Permission denied
/sbin/mount.tmpfs: line 51: exec: /bin/mount: cannot execute: Permission denied
...
Starting ksmtuned: /usr/sbin/ksmtuned: line 44: awk: command not found
/usr/sbin/ksmtuned: line 48: KSM_SLEEP_MSEC * 16 * 1024 * 1024 / total: division by 0 (error token is "total")
/usr/sbin/ksmtuned: line 49: [: -le: unary operator expected
/usr/sbin/ksmtuned: line 133: touch: command not found
Just have not enough time to hunt down the root cause
I stored away an image for later contemplation and rebuilt from scratch...
Thanks for your tips anyway
Last edited by pklausner; 02-05-2013 at 09:34 AM.
Reason: Important detail: the system failed to boot!
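The checks suggested across this thread (hidden bytes in the passwd shell field, the /etc/shells entry, permissions on the shell and on every parent directory) collected into one script, as an added example that is not from any poster. It relies on OpenSSH's allowed_user() check logging "does not exist" whenever stat() on the shell fails for any reason, and "is not executable" for a non-regular file or one with no execute bit; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the thread. Run as root so the checks see the
# filesystem with the same uid as sshd. Function names are illustrative.

# Print the login shell (7th field) for USER from a passwd-format FILE.
shell_field() {
    awk -F: -v u="$2" '$1 == u { print $7; exit }' "$1"
}

# Succeed if STRING holds anything other than printable, non-space ASCII
# (a trailing \r or space in the passwd entry is invisible in the sshd log).
has_hidden_bytes() {
    printf '%s' "$1" | LC_ALL=C grep -q '[^[:graph:]]'
}

# Classify a shell path the way the two sshd log messages do:
# any stat() failure -> does-not-exist; not a regular file, or no
# execute bit at all -> not-executable; otherwise ok.
shell_verdict() {
    sv_mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    case "$sv_mode" in
        "")       echo "does-not-exist" ;;
        -*[xst]*) echo "ok" ;;
        *)        echo "not-executable" ;;
    esac
}

# Succeed if SHELL appears verbatim on its own line in FILE (/etc/shells).
in_etc_shells() {
    grep -Fxq -- "$2" "$1"
}

# List the shell and every directory above it up to /, so a parent that
# lost its search (x) permission stands out.
walk_path() {
    wp=$1
    while :; do
        ls -ldL -- "$wp" 2>&1
        case "$wp" in /|.) break ;; esac
        wp=$(dirname -- "$wp")
    done
}

diagnose() {   # usage: diagnose USER [PASSWD_FILE] [SHELLS_FILE]
    d_sh=$(shell_field "${2:-/etc/passwd}" "$1")
    printf '%s' "$d_sh" | od -c
    echo "sshd verdict: $(shell_verdict "$d_sh")"
    if has_hidden_bytes "$d_sh"; then echo "hidden bytes in shell field"; fi
    if ! in_etc_shells "${3:-/etc/shells}" "$d_sh"; then echo "not in shells file"; fi
    walk_path "$d_sh"
}
if [ $# -gt 0 ]; then diagnose "$@"; fi
```

A "does-not-exist" verdict for a shell that `ls` shows in its directory points at the path walk or the field bytes, not at the binary itself.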