"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

From: Istvan Viczian (vici_at_dof.se)
Date: 01/19/04

  • Next message: Robert Khachikyan: "[Fwd: Re: disconnecting when idle problem]" 
    Date: Mon, 19 Jan 2004 23:41:43 +0100
To: secureshell@securityfocus.com, openssh-unix-dev@mindrot.org

    Hi,

    I setup two sshd instance (using OpenSSH_3.5p1 bins on redhat7.2 kernel
    2.4.20-19.7smp ) in order to achieve differnet sshd settings (e.g use
    different auth.method) on two different network interfaces (both on port
    22).

    For example to setup Hostbased authetication on the 1st sshd
    and RSA pub. key auth. on the second:

    The 1st instance config file /etc/ssh/sshd_config looks like:

      Protocol 2
      ListenAddress 10.0.0.1
      PidFile /var/run/sshd.pid
      SyslogFacility DAEMON
      LogLevel DEBUG3
      IgnoreRhosts yes
      HostbasedAuthentication yes
      PubkeyAuthentication no
      PasswordAuthentication no
      PermitEmptyPasswords no

    The 2nd instance config file: /etc/ssh2/sshd_config
    almost the same with the necesary differences:

      Protocol 2
      ListenAddress 10.0.0.2
      PidFile /var/run/sshd2.pid
      SyslogFacility DAEMON
      LogLevel DEBUG3
      IgnoreRhosts yes
      HostbasedAuthentication yes
      PubkeyAuthentication no
      PasswordAuthentication no
      PermitEmptyPasswords no

    ( the second instance started with : sshd -f /etc/ssh2/sshd_config
    without any problem)

    When I started the two daemon, the first instance
    ( which uses the default /etc/ssh conf. dir.)
    always worked properly (login from host 10.0.0.11 as user2)
    independently form the used auth. method
    , but the second daemon always failed after the successfull
    authentication with

       "PAM rejected by account configuration[]: User account has expired"
       and
       "fatal: monitor_read: unsupported request: 24"

    error messages (see detailed logs below ).

    I also tried to run only the second instance, and the same problem
    appeared! So it seems for me that the problem is reduced to using non
    default sshd config file!

    sshd2 LOG in case of RSA pub. key was set on it:

    #Jan 19 23:31:11 mach sshd2[2918]: debug1: trying public key file
    /home/user2/.ssh/authorized_keys
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: checking
    '/home/user2/.ssh'
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: checking
    '/home/user2'
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: terminating
    check at '/home/user2'
    #Jan 19 23:31:11 mach sshd2[2918]: debug1: matching key found: file
    /home/user2/.ssh/authorized_keys, line 1
    #Jan 19 23:31:11 mach sshd2[2918]: Found matching RSA key:
    fe:45:ce:60:fd:5c:a2:79:db:86:65:15:ad:d2:b2:e4
    #Jan 19 23:31:11 mach sshd2[2918]: debug1: restore_uid: 0/0
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_answer_keyallowed: key
    0x80a5928 is allowed
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_send entering: type 21
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_receive entering
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: monitor_read: checking request 22
    #Jan 19 23:31:11 mach sshd2[2918]: debug1: ssh_rsa_verify: signature correct
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_answer_keyverify: key
    0x80a5b40 signature verified
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_send entering: type 23
    #Jan 19 23:31:11 mach sshd2[2918]: debug2: pam_acct_mgmt() = 13
    #Jan 19 23:31:11 mach sshd2[2918]: PAM rejected by account
    configuration[13]: User account has expired
    #Jan 19 23:31:11 mach sshd2[2918]: Failed publickey for user2 from
    10.0.0.11 port 16760 ssh2
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_receive entering
    #Jan 19 23:31:11 mach sshd2[2918]: debug3: monitor_read: checking request 24
    #Jan 19 23:31:11 mach sshd2[2918]: fatal: monitor_read: unsupported
    request: 24
    #Jan 19 23:31:11 mach sshd2[2918]: debug1: Calling cleanup 0x8054370(0x0)

    sshd2 LOG in case of Hostbased Auth. was set on it:

    #Jan 19 21:11:22 mach sshd2[21184]: debug2: userauth_hostbased: access
    allowed by auth_rhosts2
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile:
    #filename /etc/ssh/ssh_known_hosts
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile:
    match line 6
    #Jan 19 21:11:22 mach sshd2[21184]: debug2: check_key_in_hostfiles: key
    ok for test1.fas.utv.skanova.net
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_answer_keyallowed: key
    0x80a60a8 is allowed
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_append_debug: Appending
    debug messages for child
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_send entering:
    type 21
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_receive entering
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: monitor_read: checking
    request 22
    #Jan 19 21:11:22 mach sshd2[21184]: debug1: ssh_rsa_verify: signature
    correct
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_answer_keyverify: key
    0x80a62f8 signature verified
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_send entering:
    type 23
    #Jan 19 21:11:22 mach sshd2[21184]: debug2: pam_acct_mgmt() = 13
    #Jan 19 21:11:22 mach sshd2[21184]: PAM rejected by account
    configuration[13]: User account has expired
    #Jan 19 21:11:22 mach sshd2[21184]: Failed hostbased for user2 from
    10.0.0.11 port 16708 ssh2
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_receive entering
    #Jan 19 21:11:22 mach sshd2[21184]: debug3: monitor_read: checking
    request 24
    #Jan 19 21:11:22 mach sshd2[21184]: fatal: monitor_read: unsupported
    request: 24
    #Jan 19 21:11:22 mach sshd2[21184]: debug1: Calling cleanup 0x8054370(0x0)

    Any ideas what can be the problem?
    Regards,
    Istvan

  • Next message: Robert Khachikyan: "[Fwd: Re: disconnecting when idle problem]"