RE: non-root login problems

From: Aaron Roberts (aaron@domicilium.com)
Date: 12/18/02

  • Next message: vijay.somaya@orbitech.co.in: "Openssh-3.5, Kerberos 5 support"
    Date: Wed, 18 Dec 2002 14:45:27 -0000
    From: "Aaron Roberts" <aaron@domicilium.com>
    To: <secureshell@securityfocus.com>
    

    Hi Pierre,
            sshd_config is in the right place, I had to alter it to 'PermitRootLogin yes'.

    Thanks,
            Aaron

    -----Original Message-----
    From: Pierre Lamy [mailto:pierre@userid.org]
    Sent: 17 December 2002 18:12
    To: Aaron Roberts
    Subject: Re: non-root login problems

    Is the ssh config file the same place as before?

    Check /usr/local/etc

    P

    Aaron Roberts wrote:

    >Hi all,
    > I've just upgraded from openssh-3.0.2p1 to openssh-3.4p1 on a RedHat 7.1 Linux machine.
    >
    >sshd runs fine, but I can no longer login except with username root!
    >
    >What puzzles me is that the exact same useraccount could login ok before the upgrade - I have also performed the same upgrade on other similar systems with no problem.
    >
    >Does anyone have any ideas?
    >
    >Many thanks,
    > Aaron
    >
    >I have included configure options, debug output and sshd_config below, I'm using PuTTY 0.51 to connect:
    >
    >---------------------------------------------
    >
    >CFLAGS="-O3 -march=i686 -mcpu=i686 -funroll-loops" \
    > ./configure \
    > --prefix=/usr \
    > --sysconfdir=/etc/ssh \
    > --libexecdir=/usr/libexec/openssh \
    > --mandir=/usr/share/man \
    > --with-pam \
    > --with-ipaddr-display \
    > --with-ipv4-default \
    > --with-md5-passwords
    >
    >------------------------------------------
    >
    >[root@betty /]# sshd -d
    >
    >debug1: sshd version OpenSSH_3.4p1
    >debug1: private host key: #0 type 0 RSA1
    >debug1: read PEM private key done: type DSA
    >debug1: private host key: #1 type 2 DSA
    >debug1: read PEM private key done: type RSA
    >debug1: private host key: #2 type 1 RSA
    >debug1: Bind to port 22 on 0.0.0.0.
    >Server listening on 0.0.0.0 port 22.
    >Generating 768 bit RSA key.
    >RSA key generation complete.
    >debug1: Server will not fork when running in debugging mode.
    >Connection from x.x.x.x port 1409
    >debug1: Client protocol version 2.0; client software version PuTTY
    >debug1: no match: PuTTY
    >Enabling compatibility mode for protocol 2.0
    >debug1: Local version string SSH-1.99-OpenSSH_3.4p1
    >debug1: list_hostkey_types: ssh-dss,ssh-rsa
    >debug1: SSH2_MSG_KEXINIT sent
    >debug1: SSH2_MSG_KEXINIT received
    >debug1: kex: client->server 3des-cbc hmac-sha1 zlib
    >debug1: kex: server->client 3des-cbc hmac-sha1 zlib
    >debug1: dh_gen_key: priv key bits set: 195/384
    >debug1: bits set: 491/1024
    >debug1: expecting SSH2_MSG_KEXDH_INIT
    >debug1: bits set: 507/1024
    >debug1: kex_derive_keys
    >debug1: newkeys: mode 1
    >debug1: Enabling compression at level 6.
    >debug1: SSH2_MSG_NEWKEYS sent
    >debug1: waiting for SSH2_MSG_NEWKEYS
    >debug1: newkeys: mode 0
    >debug1: SSH2_MSG_NEWKEYS received
    >debug1: KEX done
    >debug1: userauth-request for user remote service ssh-connection method password
    >debug1: attempt 0 failures 0
    >debug1: Starting up PAM with username "remote"
    >debug1: PAM setting rhost to "x.x.x.x"
    >debug1: PAM Password authentication accepted for user "remote"
    >Accepted password for remote from x.x.x.x port 1409 ssh2
    >Accepted password for remote from x.x.x.x port 1409 ssh2
    >debug1: monitor_child_preauth: remote has been authenticated by privileged process
    >debug1: PAM establishing creds
    >debug1: newkeys: mode 0
    >debug1: newkeys: mode 1
    >debug1: Entering interactive session for SSH2.
    >debug1: fd 7 setting O_NONBLOCK
    >debug1: fd 8 setting O_NONBLOCK
    >debug1: server_init_dispatch_20
    >debug1: server_input_channel_open: ctype session rchan 100 win 32768 max 16384
    >debug1: input_session_request
    >debug1: channel 0: new [server-session]
    >debug1: session_new: init
    >debug1: session_new: session 0
    >debug1: session_open: channel 0
    >debug1: session_open: session 0: link with channel 0
    >debug1: server_input_channel_open: confirm session
    >debug1: server_input_channel_req: channel 0 request pty-req reply 1
    >debug1: session_by_channel: session 0 channel 0
    >debug1: session_input_channel_req: session 0 req pty-req
    >login_get_lastlog: Cannot find account for uid 500
    >debug1: Calling cleanup 0x80699a0(0x0)
    >debug1: channel_free: channel 0: server-session, nchannels 1
    >debug1: Calling cleanup 0x8054470(0x0)
    >debug1: Calling cleanup 0x8078300(0x0)
    >debug1: Calling cleanup 0x8054470(0x0)
    >debug1: Calling cleanup 0x8078300(0x0)
    >
    >-------------------------------------------------
    >
    >Port 22
    >ListenAddress 0.0.0.0
    >HostKey /etc/ssh/ssh_host_key
    >HostKey /etc/ssh/ssh_host_dsa_key
    >HostKey /etc/ssh/ssh_host_rsa_key
    >ServerKeyBits 768
    >LoginGraceTime 60
    >KeyRegenerationInterval 3600
    >PermitRootLogin yes
    >IgnoreRhosts yes
    >IgnoreUserKnownHosts yes
    >StrictModes yes
    >X11Forwarding no
    >PrintMotd yes
    >KeepAlive yes
    >SyslogFacility AUTH
    >LogLevel INFO
    >RhostsAuthentication no
    >RhostsRSAAuthentication no
    >RSAAuthentication yes
    >PasswordAuthentication yes
    >PermitEmptyPasswords no
    >AllowUsers aaron2 aaron remote 500 root
    >PAMAuthenticationViaKbdInt yes
    >Subsystem sftp /usr/libexec/openssh/sftp-server
    >
    >--------------------------------------------------
    >
    >Aaron Roberts mailto:aroberts@domicilium.com
    >Technical Support Engineer
    >Domicilium (IOM) Ltd.
    >32-34 Malew Street
    >Castletown
    >Isle of Man
    >IM9 1AF
    >Tel: 01624 825278
    >Fax: 01624 829525
    >http://www.domicilium.com
    >
    >



    Relevant Pages

    • Odd Openssh Error: buffer_get_int: buffer error
      ... I belive the connecting system is also using Openssl ... the one that can't login (we'll call it ... debug1: Host 'serving.host' is known and matches the RSA host key ... Only protocol 2 key ssh login is enabled on this host (here called ...
      (comp.security.ssh)
    • OpenSSH with restricted access
      ... Im able to compile openssh and login with standard user accounts. ... changeroot to the enviroments using the changeroot command and they seem ... debug1: ssh-userauth2 successful: method password ...
      (comp.security.ssh)
    • Re: Cant log in as anything but root via SSH
      ... on the remote machine do alt+crtl+f1 and login ... with the fmain user). ... debug1: Connection established. ...
      (SSH)
    • Changed public/private key, but can still login
      ... I have two debian Linux computers, server Nimrod and Marcus. ... publickey authentification. ... With ssh I was able to login from Marcus to Nimrod without giving an ... debug1: Connection established. ...
      (comp.security.ssh)
    • Re: ssh session exits after authentication
      ... if you attempt to login to ssh as user root and the sshd_config is not ... Whenever I login remotely, the ... > debug1: Server will not fork when running in debugging mode. ... > debug1: Entering interactive session. ...
      (SSH)