| View previous topic :: View next topic |
| Author |
Message |
0x001A4
Apprentice
Joined: 08 Jan 2006
Posts: 263
Location: Mississauga, Ontario
|
 Posted: Tue Dec 19, 2006 3:36 am Post subject: SSH - permission denied with correct password |
 |
|
I've been trying to get SSH going on my computer again so I can connect to it from work. When I try
Then it prompts me for the password. Once I enter it it tells me | Code: | | permission denied, please try again. |
Now, I know I'm entering the correct password, so what could be the problem? |
|
| Back to top |
|
 |
r.stiltskin
Apprentice
Joined: 11 Aug 2004
Posts: 227
Location: Brooklyn
|
| Posted: Tue Dec 19, 2006 4:21 am Post subject: |
|
|
Could it be that you are doing this as root, and you have set
PermitRootLogin No
in sshd_config? |
|
| Back to top |
|
|
converter
Apprentice
Joined: 24 Dec 2002
Posts: 163
|
| Posted: Tue Dec 19, 2006 12:19 pm Post subject: |
|
|
Check your logs. You'll probably find something in /var/log/auth.log or /var/log/syslog.
If you don't find any useful information in the logs, run a stand-alone instance of sshd using the -D and -p switches:
| Code: | | # sshd -D -p <port number> |
where <port number> is some unused port that you want sshd to listen on. The -D switch will cause sshd not to become a daemon. Information that sshd usually transmits to the system logger will be dumped to the console/xterm it's running in so that you can see what it's doing when you try to log in.
Run your ssh session with:
| Code: | | $ ssh -p <port number> localhost |
and watch the console or xterm where sshd is running. If this doesn't produce any helpful information, add the -v switch to the ssh client command line to get debugging output from the client.
Let us know how it goes.
_________________
converter |
|
| Back to top |
|
|
0x001A4
Apprentice
Joined: 08 Jan 2006
Posts: 263
Location: Mississauga, Ontario
|
| Posted: Tue Dec 19, 2006 11:59 pm Post subject: |
|
|
Well after doing what you suggested I got some interesting results. It says it failed to bind to port 54987 on 0.0.0.0 because the address is already in use? Here is what I got as debug output:
| Code: | # /usr/sbin/sshd -Dd -p 54987
debug1: sshd version OpenSSH_4.5p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-Dd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='54987'
debug1: Bind to port 54987 on ::.
Server listening on :: port 54987.
debug1: Bind to port 54987 on 0.0.0.0.
Bind to port 54987 on 0.0.0.0 failed: Address already in use.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 47018
debug1: Client protocol version 2.0; client software version OpenSSH_4.5
debug1: match: OpenSSH_4.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
debug1: permanently_set_uid: 22/22
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user mat service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "mat"
debug1: PAM: setting PAM_RHOST to "localhost"
debug1: PAM: setting PAM_TTY to "ssh"
Failed none for mat from 127.0.0.1 port 47018 ssh2
debug1: userauth-request for user mat service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=mat devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
PAM: Module is unknown for mat from localhost
Failed keyboard-interactive/pam for mat from 127.0.0.1 port 47018 ssh2
debug1: Unable to open the btmp file /var/log/btmp: No such file or directory
debug1: userauth-request for user mat service ssh-connection method password
debug1: attempt 2 failures 2
debug1: PAM: password authentication failed for mat: Module is unknown
Failed password for mat from 127.0.0.1 port 47018 ssh2
debug1: Unable to open the btmp file /var/log/btmp: No such file or directory
Connection closed by 127.0.0.1
debug1: do_cleanup
debug1: do_cleanup |
|
|
| Back to top |
|
|
converter
Apprentice
Joined: 24 Dec 2002
Posts: 163
|
| Posted: Wed Dec 20, 2006 12:40 am Post subject: |
|
|
Would you paste the uncommented lines from your /etc/ssh/sshd_config file?
If you run this as root, it should print only the lines we're interested in:
| Code: | | sed '/[^ \t]/!d;/^[ \t]*#/d' /etc/ssh/sshd_config |
_________________
converter |
|
| Back to top |
|
|
0x001A4
Apprentice
Joined: 08 Jan 2006
Posts: 263
Location: Mississauga, Ontario
|
| Posted: Wed Dec 20, 2006 12:56 am Post subject: |
|
|
here we go:
| Code: | Port 54978
Protocol 2
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication yes
UsePAM yes
AllowUsers mat
Subsystem sftp /usr/lib64/misc/sftp-server |
|
|
| Back to top |
|
|
JoeUser
n00b
Joined: 08 Apr 2006
Posts: 61
|
| Posted: Wed Dec 20, 2006 1:56 am Post subject: |
|
|
try:
| Code: | | ssh -p 54978 -l mat localhost |
Your sshd_config shows it using port 54978 rather then the default 22 and AllowUsers only allows the one user "mat". If I remember correctly, if you don't specify the user name in the command line it assumes the user you're currently logged in as for the shh login name. |
|
| Back to top |
|
|
0x001A4
Apprentice
Joined: 08 Jan 2006
Posts: 263
Location: Mississauga, Ontario
|
| Posted: Wed Dec 20, 2006 2:30 am Post subject: |
|
|
| yeah i've used port 54978 before with no problems, and I have also tried $ssh mat@localhost -p 54978 and it still gives me the error that I'm entering the wrong password. And also, mat is the only user on this computer besides root :s |
|
| Back to top |
|
|
|
Networking & Security
