Find the answer to your Linux question:
Results 1 to 6 of 6
i have an Rhel 3 machine. I can login to it through telnet. The config files /etc/ssh/sshd_config and /etc/ssh/ssh_config has not been modified. /etc/hosts.allow and /etc/hosts.deny have all commented lines. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! kirtikjr's Avatar
    Join Date
    Apr 2007
    Posts
    29

    issues with ssh login


    i have an Rhel 3 machine.

    I can login to it through telnet.



    The config files /etc/ssh/sshd_config and /etc/ssh/ssh_config has not been modified.
    /etc/hosts.allow and /etc/hosts.deny have all commented lines.

    But the IP address of the system was changed. Could this be issue?

    It was earlier configured for passwordless login(dsa).

    I tried moving the contents for .ssh file to bkp folder, still no help.



    -bash-2.05b$ uname -a
    Linux itanium2 2.4.21-9.EL #1 SMP Thu Jan 8 16:54:40 EST 2004 ia64 ia64 ia64 GNU/Linux



    posting the verbose ssh log

    ------------------------------

    bash-2.05b$ ssh -v qa_fnp@10.91.220.35
    OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: Connecting to 10.91.220.35 [10.91.220.35] port 22.
    debug1: Connection established.
    debug1: identity file /home2/qa_fnp/.ssh/identity type -1
    debug1: identity file /home2/qa_fnp/.ssh/id_rsa type -1
    debug1: identity file /home2/qa_fnp/.ssh/id_dsa type -1
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2
    debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '10.91.220.35' is known and matches the RSA host key.
    debug1: Found key in /home2/qa_fnp/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home2/qa_fnp/.ssh/identity
    debug1: Trying private key: /home2/qa_fnp/.ssh/id_rsa
    debug1: Trying private key: /home2/qa_fnp/.ssh/id_dsa
    debug1: Next authentication method: password
    qa_fnp@10.91.220.35's password:
    debug1: Authentication succeeded (password).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: channel 0: request pty-req
    debug1: channel 0: request shell
    debug1: channel 0: open confirm rwindow 0 rmax 32768
    debug1: channel_free: channel 0: client-session, nchannels 1
    Connection to 10.91.220.35 closed by remote host.
    Connection to 10.91.220.35 closed.

    debug1: Transferred: stdin 0, stdout 0, stderr 87 bytes in 0.0 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 4650.7
    debug1: Exit status -1
    -bash-2.05b$

  2. #2
    Just Joined!
    Join Date
    Dec 2009
    Posts
    6
    Code:
    #service sshd restart
    Code:
    #grep -lri sshd /var/log

  3. #3
    Just Joined! kirtikjr's Avatar
    Join Date
    Apr 2007
    Posts
    29
    sshd is running. I restarted the serice
    ssh port is listening too.
    oresle i wont have able to successfully enter my pasword.

    I checked the /var/log/secure file. The last lines are:

    Aug 3 01:03:57 itanium2 sshd[9400]: Accepted password for qa_fnp from ::ffff:10.41.10.38 port 40590 ssh2
    Aug 3 01:03:57 itanium2 sshd[9401]: Accepted password for qa_fnp from ::ffff:10.41.10.38 port 40590 ssh2
    Aug 3 01:03:57 itanium2 sshd[9402]: fatal: PAM session setup failed[28]: Module is unknown

    I guess something is wrong with PAM settings
    -bash-2.05b$ sudo cat /etc/pam.d/sshd
    #%PAM-1.0
    #auth include system-auth
    #account required pam_nologin.so
    #account include system-auth
    #password include system-auth
    #session optional pam_keyinit.so force revoke
    #session include system-auth
    #session required pam_loginuid.so
    #
    auth required pam_stack.so service=system-auth
    #auth required pam_nologin.so
    account required pam_stack.so service=system-auth
    password required pam_stack.so service=system-auth
    session required pam_stack.so service=system-auth
    session required pam_limits.so
    session optional pam_console.so
    session required pam_loginuid.so

  4. #4
    Just Joined!
    Join Date
    Dec 2009
    Posts
    6
    This is my pam.d file.

    Code:
    # cat /etc/pam.d/sshd
    #%PAM-1.0
    auth       include      system-auth
    account    required     pam_nologin.so
    account    include      system-auth
    password   include      system-auth
    session    optional     pam_keyinit.so force revoke
    session    include      system-auth
    session    required     pam_loginuid.so
    #

  5. #5
    Just Joined! kirtikjr's Avatar
    Join Date
    Apr 2007
    Posts
    29
    thanks a lot, but i made same as urself. no help. dont know what else is wrong

  6. #6
    Just Joined! kirtikjr's Avatar
    Join Date
    Apr 2007
    Posts
    29
    Actually the issues were with PAM settings only. If u see the last line: session required pam_loginuid.so
    I tried to look in the /lib/security directory. pam_loginuid.so file was not there.
    I commented the last line in /etc/pam.d/sshd.
    It worked.
    Thanks to all

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •