[Rocks-Discuss]Unable to ssh login using password
Greenseid, Joseph M.
Joseph.Greenseid at ngc.com
Fri Aug 4 05:15:50 PDT 2006
Not sure if this will give any other useful information, but could you try to start an instance of the ssh daemon in debug mode and connect to that? Ex:
(as root) `/usr/sbin/sshd -ddd -p 222` -- this should start an sshd in debug mode, where debugging is going to the console, on port 222.
(as a user whose passwd is not working, in a different terminal) `ssh -p 222 -vvv`
try the not working password, and in the end when the user disconnects from the debugging sshd, the sshd will exit. See if the sshd debugging output gave you any useful error messages or hints at the failed password.
--Joe
________________________________
From: npaci-rocks-discussion-admin at sdsc.edu on behalf of Joao Mauricio de Oliveira Alves
Sent: Fri 8/4/2006 7:47 AM
To: ROCKS List
Subject: Re: [Rocks-Discuss]Unable to ssh login using password
In fact I tried with "ssh -vvv" and sent the output (after the prompt
for password). I am attaching the entire output in the ssh-vvv.log.
The ~/.ssh directory has the mode 700 in both home directories
(local/remote). Nevertheless, the key authentication IS working. The
problem is with the password authentication.
I am sending also my /etc/ssh/sshd_config and my /etc/pam.d/sshd files.
I tried to reboot the frontend, hoping that some weird process could be
the cause. Nothing changed, the problem is still there.
I checked the date /usr/sbin/sshd to verify if someone changed the file.
No changes:
-rwxr-xr-x 1 root root 833722 Mar 8 11:13 /usr/sbin/sshd
I am sending also all files changed after July 31st. This is the last
date we know for sure that the ssh password login was working.
I found the files using this command:
touch -t 200607310000 /file; for dir in bin boot etc initrd lib opt sbin
selinux srv sys tftpboot usr; do find $dir -newer /file -exec ls -lad {}
\; ;done | tee /root/changes.log
/etc/ssh/sshd_config and /etc/pam.d/sshd config WERE changed but we
cannot say this is the problem. I changed them to try to solve the
problem and (unfortunately) cannot tell if they were changed before that.
Thanks in advance,
Joao Mauricio de O. Alves
Parallel Computing Lab
COPPE/UFRJ
jmoalves at lcp.coppe.ufrj.br
http://www.lcp.coppe.ufrj.br
mason j. katz escreveu:
> Try "ssh -v" when you log in, this will tell you what SSH is trying to
> do. Also make sure your home directory and ~/.ssh directory are not
> group writable.
>
> -mjk
>
>
> On Aug 3, 2006, at 11:55 A, Joao Mauricio de Oliveira Alves wrote:
>
>> No. We did not change any configuration. Well, something must be
>> different because the system will not change its behavior without
>> some human intervention. But I exhausted my options...
>> I put all my bets in the /etc/ssh/sshd_config. However, I found no
>> clue there.
>>
>> We tried to change the /etc/pam.d/sshd file also. It looks like this:
>>
>> #%PAM-1.0
>> auth include system-auth
>> account required pam_nologin.so
>> account include system-auth
>> password include system-auth
>> session include system-auth
>> session required pam_loginuid.so
>>
>> Thanks for your attention
>>
>> Joao Mauricio de O. Alves
>> Parallel Computing Lab
>> COPPE/UFRJ
>> jmoalves at lcp.coppe.ufrj.br <mailto:jmoalves at lcp.coppe.ufrj.br>
>> http://www.lcp.coppe.ufrj.br
>>
>>
>>
>> mason j. katz escreveu:
>>> Did you change the frontend's IP address and/or hostname?
>>>
>>> -mjk
>>>
>>>
>>> On Aug 3, 2006, at 06:01 A, Joao Mauricio de Oliveira Alves wrote:
>>>
>>>> Hi all,
>>>>
>>>> Since yesterday our frontend is not accepting ssh password
>>>> authentication. I checked the /etc/ssh/sshd_config and it seems
>>>> correct. I tried to put this options (they were commented out)
>>>>
>>>> PasswordAuthentication yes
>>>> ChallengeResponseAuthentication yes
>>>>
>>>> But the problem was not fixed.
>>>>
>>>> If I connect using key authentication (~/.ssh/authorized_keys),
>>>> the ssh login works fine. Using password authentication I receive
>>>> the following error:
>>>>
>>>> myuser at myhost:~$ ssh frontend
>>>> myuser at frontend's password:
>>>> debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
>>>> debug2: we sent a password packet, wait for reply
>>>> Connection closed by frontend
>>>>
>>>> I changed the user and the frontend address. I have the
>>>> following messages in /var/log/messages, with DebugLevel DEBUG in
>>>> /etc/ssh/sshd_config
>>>>
>>>> Aug 3 09:55:05 cluster sshd[15504]: debug1: Forked child 16271.
>>>> Aug 3 09:55:05 cluster sshd[16271]: Connection from ::ffff:myhost
>>>> port 44682
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: Client protocol
>>>> version 2.0; client software version OpenSSH_4.3
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: match: OpenSSH_4.3 pat
>>>> OpenSSH*
>>>> Aug 3 09:55:05 cluster sshd[16271]: Enabling compatibility mode
>>>> for protocol 2.0
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: Local version string
>>>> SSH-1.99-OpenSSH_3.9p1
>>>> Aug 3 09:55:05 cluster sshd[16271]: Failed none for myuser from
>>>> ::ffff:myhost port 44682 ssh2
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: temporarily_use_uid:
>>>> 501/501 (e=0)
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: trying public key file
>>>> /home/myuser/.ssh/authorized_keys
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: restore_uid
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: temporarily_use_uid:
>>>> 501/501 (e=0)
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: trying public key file
>>>> /home/myuser/.ssh/authorized_keys2
>>>> Aug 3 09:55:05 cluster sshd[16271]: debug1: restore_uid
>>>>
>>>> The ssh password authentication was working before and, as far
>>>> as I know, we had no changes in the /etc/ssh/sshd_config.
>>>>
>>>> Any clues will be welcome.
>>>>
>>>> Thanks,
>>>>
>>>> --
>>>> Joao Mauricio de O. Alves
>>>> Parallel Computing Lab
>>>> COPPE/UFRJ
>>>> jmoalves at lcp.coppe.ufrj.br <mailto:jmoalves at lcp.coppe.ufrj.br>
>>>> http://www.lcp.coppe.ufrj.br
>>>>
>>>>
>>>
>
More information about the npaci-rocks-discussion
mailing list