OpenSSH and nsswitch

From: Ben Sinclair (ben@bensinclair.com)
Date: 02/08/02


    From: ben@bensinclair.com (Ben Sinclair)
    Date: 8 Feb 2002 12:53:59 -0800
    
    

    I'm trying to use OpenSSH and an nsswitch module that lets me
    authenticate via a database.

    The system is running Debian 2.2 and I have a Debian-packaged version
    of OpenSSH 1.2.3 that properly uses the module and lets me log in.

    I upgraded to the latest version of OpenSSH and used the chroot patch,
    but this new version doesn't use the module properly. It seems to not
    pass the username to the module, so it fails. Here is some output from
    auth.log:

    Feb 8 14:48:03 client nss-mysql[6170]: getpwuid called for 0
    Feb 8 14:48:03 client ssh[6170]: _nss_mysql_read_conf_file: called for section users
    Feb 8 14:48:03 client ssh[6170]: _nss_mysql_read_conf_file ended for section users
    Feb 8 14:48:03 client ssh[6170]: _nss_mysql_db_connect: connection with host=localhost,user=xxxx,passwd=xxxxx,database=xxxx,port=3306
    Feb 8 14:48:03 client ssh[6170]: _nss_mysql_passwd_fill_struct called for uid 0
    Feb 8 14:48:03 client ssh[6170]: _nss_mysql_sqlprintf(): buffersize=1024, len=197
    Feb 8 14:48:03 client ssh[6170]: _nss_mysql_passwd_fill_struct: SQL statement: select users.username,users.id + 2000,encrypt(users.password,'$1$'),users.username,"/bin/bash",concat(concat('/usr/sshomes/',username),'/./'),1008 from users where users.id + 2000=0 and enabled = 1

    Is there something different in the latest version of OpenSSH, over
    1.2.3?

    This may not be an OpenSSH-specific problem, but I've also noticed
    that with the latest version it only attempts to use the module if I
    ssh while logged in as root. If I'm logged in as a normal user, it
    seems to ignore the module and authenticate the usual way. I'm doing a
    -l username both ways.

    Any thoughts?
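
An added example, not part of the original post: a short Python script that groups the nss-mysql debug lines quoted above by process ID and reports which program tags logged them, which uid was looked up, and whether any line recorded database connection credentials. The sample input is constructed from the log lines in the post with the wrapped lines rejoined; the function and variable names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: auth.log lines from the post, wrapped lines rejoined.
SAMPLE = """\
Feb 8 14:48:03 client nss-mysql[6170]: getpwuid called for 0
Feb 8 14:48:03 client ssh[6170]: _nss_mysql_read_conf_file: called for section users
Feb 8 14:48:03 client ssh[6170]: _nss_mysql_db_connect: connection with host=localhost,user=xxxx,passwd=xxxxx,database=xxxx,port=3306
Feb 8 14:48:03 client ssh[6170]: _nss_mysql_passwd_fill_struct called for uid 0
"""

# Classic syslog layout: month day time host tag[pid]: message
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) (?P<tag>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# The two uid-lookup message shapes that appear in the post's log.
UID_LOOKUP = re.compile(r"(?:getpwuid called for|called for uid) (\d+)")
# Credential fields written by the module's connection debug line.
SECRET = re.compile(r"\b(passwd|password)=([^,\s]*)")


def redact(msg):
    """Mask credential values so a log excerpt can be shared safely."""
    return SECRET.sub(r"\1=<redacted>", msg)


def summarize(text):
    """Per PID: program tags seen, uids looked up, lines that logged credentials."""
    out = defaultdict(lambda: {"tags": set(), "uids": set(), "secret_lines": 0})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a syslog line (e.g. a wrapped continuation)
        entry = out[int(m["pid"])]
        entry["tags"].add(m["tag"])
        entry["uids"].update(int(u) for u in UID_LOOKUP.findall(m["msg"]))
        if SECRET.search(m["msg"]):
            entry["secret_lines"] += 1
    return dict(out)


if __name__ == "__main__":
    for pid, e in summarize(SAMPLE).items():
        print(f"pid {pid}: tags={sorted(e['tags'])} uid lookups={sorted(e['uids'])} "
              f"lines logging credentials={e['secret_lines']}")
    print(redact(SAMPLE.splitlines()[2]))
```

On the sample, every line belongs to PID 6170, the only lookup recorded is by uid 0, and one line carries the database connection credentials in the clear.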


