Find the answer to your Linux question:
Results 1 to 4 of 4
Hi there, I am experiencing a weird problem with ssh. Most of users here use the passwordless login mode when using ssh. However, after upgrading from RH9 to FC2, some ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2004
    Posts
    16

    ssh fails to authenticate some users


    Hi there, I am experiencing a weird problem with ssh.

    Most of users here use the passwordless login mode when using ssh. However, after upgrading from RH9 to FC2, some of them are unable to keep login in such a way.

    As root, I su - to such users, and did some test, using ssh -v -v <server> from the client, and starting sshd -d -d in the server, and find out that for such users, the following occurred

    ...
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/german/.ssh/identity
    debug1: Trying private key: /home/german/.ssh/id_rsa
    debug1: Offering public key: /home/german/.ssh/id_dsa
    debug2: we sent a publickey packet, wait for reply
    Connection closed by 138.100.11.74
    debug1: Calling cleanup 0x8062d00(0x0)

    and in the server

    ...
    debug2: input_userauth_request: try method publickey
    debug1: test whether pkalg/pkblob are acceptable
    debug1: PAM setting rhost to "r2d7.dia.fi.upm.es"
    debug2: monitor_read: 41 used once, disabling now
    debug2: monitor_read: 3 used once, disabling now
    debug1: temporarily_use_uid: 1007/109 (e=0/0)
    getgroups: Invalid argument
    debug1: Calling cleanup 0x8063d50(0x0)
    debug1: Calling cleanup 0x806f3f0(0x0)


    So apparently, there is a problem when doing getgroups(). This problem is not present for other users though...

    I have been googling for an answer to this problem, no luck...

    Any ideas??

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    the groups that it can't find, check /etc/passwd and compare to /etc/group and make sure those users that you find in passwd have groups in /etc/group

  3. #3
    Just Joined!
    Join Date
    Nov 2004
    Posts
    16
    I've checked the users on /etc/group and the ones having problems have groups in /etc/group. Weird enough, some users NOT having problems with ssh have not groups (and some of them have)...
    I remember I used recently the command pwconv to update the /etc/shadow file...I don't know whether this is related to this problem, posting it just in case...

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Nov 2004
    Posts
    16
    Ok, finally I have been able to know the reason of my problem, posting it here in case somebody else has the same problem:

    - the users experiencing this problem belong to more than 32 groups, which is the value of NGROUPS_MAX in /usr/include/linux/limits.h

    Posible solutions: to increase this number and recompile the kernel :S or to re-organize the groups (I think I will go for this choice).

    But in fact, it was related to /etc/groups, so thanks jledhead for your help!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •