Gentoo Forums
[SOLVED] password login no longer works through "ssh"
marcelser
Tux's lil' helper

Joined: 30 Sep 2004
Posts: 106

Posted: Tue Aug 03, 2010 9:26 am    Post subject: [SOLVED] password login no longer works through "ssh"

Hi,

I have a very strange problem: it seems that "ssh" no longer allows me to log in with my password. This was working perfectly for years and suddenly it stopped. What is still working is logging in with a private key file. I don't know what caused this functionality to stop, or whether it has something to do with a change in pam or something, but I'm completely out of ideas. Here's my /etc/ssh/sshd_config:

Code:

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel DEBUG

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile   .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd no
PrintLastLog no
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem   sftp   /usr/lib/misc/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#   X11Forwarding no
#   AllowTcpForwarding no
#   ForceCommand cvs server


Does anyone have an idea what's wrong? Another strange thing is that I don't see any errors in any logfile when I do a "tail -f /var/log/*": although I have set the loglevel in the sshd config to DEBUG, no log entries appear when I try to log in with a password. I'm totally out of ideas, as I can't see what's going wrong. Any ideas on how to get more output? I already tried re-emerging "pam" and "ssh", but with no luck. I also tried setting a new password as root and as user; both times passwd reports that the password was changed successfully, but when I try to log in through ssh I still only get the message "Access denied". It doesn't matter if I try it from inside the network using the machine name or from the internet with port forwarding. It also doesn't matter if I try putty or another linux machine to log on; I always get "access denied".

Please, any help would be great; I'm totally out of ideas, as there are no entries in the /var/log/* files.

Thanks in advance.


Last edited by marcelser on Tue Aug 03, 2010 6:10 pm; edited 1 time in total

sysnom
n00b

Joined: 03 Aug 2010
Posts: 4
Location: Xenon Sector 101

Posted: Tue Aug 03, 2010 10:33 am

Have you checked that you're actually logging in with 'username@address' instead of just 'address'? It's a common mistake if you're moving to a terminal with a different username. Also try 'sshd -dd' and see what it spits out and it might be worth taking a look in /etc/pam.d/sshd.

xibo
Apprentice

Joined: 21 Aug 2007
Posts: 152
Location: moving between kubuntu and ubuntu kde edition

Posted: Tue Aug 03, 2010 12:17 pm

you mean `ssh -vv username@hostname`, -dd isn't an option. at least not one listed by the man page.

does the username you want to use work locally and is its terminal and home directory getting set correctly?
you can't login as root via slogin due to `PermitRootLogin no` in your config file.

also, /etc/pam.d might contain the problem. I'm not sure if it's concerning kerberos logins only, but I had etc-update making multiples of my systems unloginable by modifying those files two weeks ago.

timeBandit
Bodhisattva

Joined: 31 Dec 2004
Posts: 2719
Location: here, there or in transit

Posted: Tue Aug 03, 2010 2:10 pm    Post subject: Re: password login no longer works through "ssh"

marcelser wrote:
Code:
ChallengeResponseAuthentication no
Change that to yes.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.

marcelser
Tux's lil' helper

Joined: 30 Sep 2004
Posts: 106

Posted: Tue Aug 03, 2010 6:08 pm    Post subject: [SOLVED] Re: password login no longer works through "ssh"

Thanks for all your help.

I tried all the suggestions and still got no output in the logfiles using "sshd -dd" or "ssh -vv" which solved the problem. After some hours of trial & error I stopped sshd and forgot to start it, but the ssh client still got a connection, which told me that something very weird was going on: how can I connect to an ssh server if there's no ssh server running?

So I began to search and after quite some time we found it: the router has an ssh management console, which someone has activated on port 22. This eliminated the routing of port 22 to the ssh server for this domain name. I just disabled the management console on the router to re-establish the port forwarding to the machine and everything went back to normal. Now it's clear to me why all the logs and the DEBUG setting for the ssh client stayed silent.

Thanks for any help on this subject and sorry for the trouble.
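
The situation resolved above (another device answering on port 22 while the real sshd logs nothing) can be confirmed by comparing the SSH identification string returned at the forwarded address with the one the server itself sends. This is an added example, not part of the original thread; the function names are hypothetical and the two banners are constructed samples.

```python
import io
import socket

# Constructed sample banners (not from the thread): what the intended sshd
# and a router's management console might each send on connect.
SERVER_BANNER = b"SSH-2.0-OpenSSH_5.5\r\n"
ROUTER_BANNER = b"Router management console\r\nSSH-2.0-dropbear_0.52\r\n"

def read_ident(stream):
    """Return the first line starting with 'SSH-'. RFC 4253 section 4.2
    lets a server send other text lines before its identification string."""
    for _ in range(20):
        line = stream.readline(256)
        if not line:
            break
        if line.startswith(b"SSH-"):
            return line
    raise ValueError("peer did not send an SSH identification string")

def parse_ident(line):
    """Split 'SSH-protoversion-softwareversion SP comments' into its fields."""
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    head, _, comments = text.partition(" ")
    parts = head.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH" or not parts[2]:
        raise ValueError(f"malformed identification string: {text!r}")
    return {"proto": parts[1], "software": parts[2], "comments": comments}

def fetch_ident(host, port=22, timeout=5.0):
    """Live variant: connect and read the banner; no authentication is attempted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with sock.makefile("rb") as stream:
            return read_ident(stream)

def same_service(ident_a, ident_b):
    """True when both endpoints announce the same protocol and software."""
    a, b = parse_ident(ident_a), parse_ident(ident_b)
    return (a["proto"], a["software"]) == (b["proto"], b["software"])

def check_forwarding(public_ident, lan_ident):
    """Compare the banner seen via the forwarded address with the server's own."""
    if same_service(public_ident, lan_ident):
        return "same service answers on both addresses"
    seen = parse_ident(public_ident)["software"]
    return f"different service answers on the forwarded port: {seen}"

if __name__ == "__main__":
    public = read_ident(io.BytesIO(ROUTER_BANNER))
    lan = read_ident(io.BytesIO(SERVER_BANNER))
    print(check_forwarding(public, lan))
```

Against live hosts, pass the results of `fetch_ident()` for the public name and for the server's LAN address to `check_forwarding()`. Matching banners do not prove both addresses reach the same machine; comparing the host key fingerprint the client is shown with the server's own host key is the definitive check.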

sysnom
n00b

Joined: 03 Aug 2010
Posts: 4
Location: Xenon Sector 101

Posted: Tue Aug 03, 2010 10:21 pm

xibo wrote:
you mean `ssh -vv username@hostname`, -dd isn't an option. at least not one listed by the man page.


http://www.openbsd.org/cgi-bin/man.cgi?query=sshd

marcelser
Tux's lil' helper

Joined: 30 Sep 2004
Posts: 106

Posted: Wed Aug 04, 2010 5:01 pm

sysnom wrote:
xibo wrote:
you mean `ssh -vv username@hostname`, -dd isn't an option. at least not one listed by the man page.


http://www.openbsd.org/cgi-bin/man.cgi?query=sshd


Well sysnom, you have to look carefully: if you click on the link you posted, it shows this text in the man page:

Code:
    -d      Debug mode.  The server sends verbose debug output to standard
             error, and does not put itself in the background.  The server
             also will not fork and will only process one connection.  This
             option is only intended for debugging for the server.  Multiple
             -d options increase the debugging level.  Maximum is 3.


It's also listed in the synopsis in the first few characters "[-46DdeiqTt]". So "-dd" is an option to "sshd", and "-vv" is an option to "ssh"; don't mix them up. The one is the daemon and the other one is the client, and you can start the daemon in debug mode; even -ddd would be possible to increase the debugging level to 3.

Best regards,

Marc
All times are GMT