Find the answer to your Linux question:
Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    ssh fails to authenticate some users

    Hi there, I am experiencing a weird problem with ssh.

    Most of users here use the passwordless login mode when using ssh. However, after upgrading from RH9 to FC2, some of them are unable to keep login in such a way.

    As root, I su - to such users, and did some test, using ssh -v -v <server> from the client, and starting sshd -d -d in the server, and find out that for such users, the following occurred

    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/german/.ssh/identity
    debug1: Trying private key: /home/german/.ssh/id_rsa
    debug1: Offering public key: /home/german/.ssh/id_dsa
    debug2: we sent a publickey packet, wait for reply
    Connection closed by
    debug1: Calling cleanup 0x8062d00(0x0)

    and in the server

    debug2: input_userauth_request: try method publickey
    debug1: test whether pkalg/pkblob are acceptable
    debug1: PAM setting rhost to ""
    debug2: monitor_read: 41 used once, disabling now
    debug2: monitor_read: 3 used once, disabling now
    debug1: temporarily_use_uid: 1007/109 (e=0/0)
    getgroups: Invalid argument
    debug1: Calling cleanup 0x8063d50(0x0)
    debug1: Calling cleanup 0x806f3f0(0x0)

    So apparently, there is a problem when doing getgroups(). This problem is not present for other users though...

    I have been googling for an answer to this problem, no luck...

    Any ideas??

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    North Carolina
    the groups that it can't find, check /etc/passwd and compare to /etc/group and make sure those users that you find in passwd have groups in /etc/group

  3. #3
    I've checked the users on /etc/group and the ones having problems have groups in /etc/group. Weird enough, some users NOT having problems with ssh have not groups (and some of them have)...
    I remember I used recently the command pwconv to update the /etc/shadow file...I don't know whether this is related to this problem, posting it just in case...

  4. $spacer_open
  5. #4
    Ok, finally I have been able to know the reason of my problem, posting it here in case somebody else has the same problem:

    - the users experiencing this problem belong to more than 32 groups, which is the value of NGROUPS_MAX in /usr/include/linux/limits.h

    Posible solutions: to increase this number and recompile the kernel :S or to re-organize the groups (I think I will go for this choice).

    But in fact, it was related to /etc/groups, so thanks jledhead for your help!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts