problem with pam
Ok the problem is that any user can ssh into the server with any password and it will accept it. I can't figure out why but atleast it doesnt work for root. It is still bad because this is on a shell server which a good amount of users. Anyone ever seen this before? Here is some stuff from the logs
Aug 7 15:31:01 vortex sshd(pam_unix): authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=pcp01445904pcs.lebnon01.pa.comcast.net user=sysc
Aug 7 15:31:02 vortex sshd: Accepted password for sysc from 18.104.22.168 port 42972 ssh2
Aug 7 15:31:02 vortex sshd(pam_unix): session opened for user sysc by (uid=0)
Since pam_unix rejects the password, but pam_authenticate seems to return positive authentication to sshd, it would seem to me as if you had something strange in your PAM stacks.
If that's not it, then, if I were you, I would gdb sshd and see where it goes wrong. I guess you'll need the source for both sshd and for PAM in order to do that easily, though.
I haven't changed any of the config file at all. It just started doing it yesterday. What is strange is that it won't do that for root which doesn't make sense. This is a gentoo server so I will recompile both so I can use gdb with them.