non-root login problems

From: Aaron Roberts (aaron@domicilium.com)
Date: 12/17/02

    Date: Tue, 17 Dec 2002 15:53:23 -0000
    From: "Aaron Roberts" <aaron@domicilium.com>
    To: <secureshell@securityfocus.com>
    

    Hi all,
            I've just upgraded from openssh-3.0.2p1 to openssh-3.4p1 on a RedHat 7.1 Linux machine.

    sshd runs fine, but I can no longer log in except with username root!

    What puzzles me is that the exact same user account could log in OK before the upgrade - I have also performed the same upgrade on other similar systems with no problem.

    Does anyone have any ideas?

    Many thanks,
            Aaron

    I have included configure options, debug output and sshd_config below. I'm using PuTTY 0.51 to connect:

    ---------------------------------------------

    CFLAGS="-O3 -march=i686 -mcpu=i686 -funroll-loops" \
     ./configure \
     --prefix=/usr \
     --sysconfdir=/etc/ssh \
     --libexecdir=/usr/libexec/openssh \
     --mandir=/usr/share/man \
     --with-pam \
     --with-ipaddr-display \
     --with-ipv4-default \
     --with-md5-passwords

    ------------------------------------------

    [root@betty /]# sshd -d

    debug1: sshd version OpenSSH_3.4p1
    debug1: private host key: #0 type 0 RSA1
    debug1: read PEM private key done: type DSA
    debug1: private host key: #1 type 2 DSA
    debug1: read PEM private key done: type RSA
    debug1: private host key: #2 type 1 RSA
    debug1: Bind to port 22 on 0.0.0.0.
    Server listening on 0.0.0.0 port 22.
    Generating 768 bit RSA key.
    RSA key generation complete.
    debug1: Server will not fork when running in debugging mode.
    Connection from x.x.x.x port 1409
    debug1: Client protocol version 2.0; client software version PuTTY
    debug1: no match: PuTTY
    Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-1.99-OpenSSH_3.4p1
    debug1: list_hostkey_types: ssh-dss,ssh-rsa
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: client->server 3des-cbc hmac-sha1 zlib
    debug1: kex: server->client 3des-cbc hmac-sha1 zlib
    debug1: dh_gen_key: priv key bits set: 195/384
    debug1: bits set: 491/1024
    debug1: expecting SSH2_MSG_KEXDH_INIT
    debug1: bits set: 507/1024
    debug1: kex_derive_keys
    debug1: newkeys: mode 1
    debug1: Enabling compression at level 6.
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: waiting for SSH2_MSG_NEWKEYS
    debug1: newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: KEX done
    debug1: userauth-request for user remote service ssh-connection method password
    debug1: attempt 0 failures 0
    debug1: Starting up PAM with username "remote"
    debug1: PAM setting rhost to "x.x.x.x"
    debug1: PAM Password authentication accepted for user "remote"
    Accepted password for remote from x.x.x.x port 1409 ssh2
    Accepted password for remote from x.x.x.x port 1409 ssh2
    debug1: monitor_child_preauth: remote has been authenticated by privileged process
    debug1: PAM establishing creds
    debug1: newkeys: mode 0
    debug1: newkeys: mode 1
    debug1: Entering interactive session for SSH2.
    debug1: fd 7 setting O_NONBLOCK
    debug1: fd 8 setting O_NONBLOCK
    debug1: server_init_dispatch_20
    debug1: server_input_channel_open: ctype session rchan 100 win 32768 max 16384
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug1: session_new: init
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_channel_req: channel 0 request pty-req reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req pty-req
    login_get_lastlog: Cannot find account for uid 500
    debug1: Calling cleanup 0x80699a0(0x0)
    debug1: channel_free: channel 0: server-session, nchannels 1
    debug1: Calling cleanup 0x8054470(0x0)
    debug1: Calling cleanup 0x8078300(0x0)
    debug1: Calling cleanup 0x8054470(0x0)
    debug1: Calling cleanup 0x8078300(0x0)

    -------------------------------------------------

    Port 22
    ListenAddress 0.0.0.0
    HostKey /etc/ssh/ssh_host_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_rsa_key
    ServerKeyBits 768
    LoginGraceTime 60
    KeyRegenerationInterval 3600
    PermitRootLogin yes
    IgnoreRhosts yes
    IgnoreUserKnownHosts yes
    StrictModes yes
    X11Forwarding no
    PrintMotd yes
    KeepAlive yes
    SyslogFacility AUTH
    LogLevel INFO
    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication yes
    PasswordAuthentication yes
    PermitEmptyPasswords no
    AllowUsers aaron2 aaron remote 500 root
    PAMAuthenticationViaKbdInt yes
    Subsystem sftp /usr/libexec/openssh/sftp-server

    --------------------------------------------------

    Aaron Roberts mailto:aroberts@domicilium.com
    Technical Support Engineer
    Domicilium (IOM) Ltd.
    32-34 Malew Street
    Castletown
    Isle of Man
    IM9 1AF
    Tel: 01624 825278
    Fax: 01624 829525
    http://www.domicilium.com


