Hosting Provided By

non-root login problems

From: Aaron Roberts <aaron(at)domicilium.com>
Date: Tue Dec 17 2002 - 10:53:23 EST

I've just upgraded from openssh-3.0.2p1 to openssh-3.4p1 on a RedHat 7.1 Linux machine.

sshd runs fine, but I can no longer login except with username root!

What puzzles me is that the exact same useraccount could login ok before the upgrade - I have also performed the same upgrade on other similar systems with no problem.

Does anyone have any ideas?

Many thanks,

Aaron

I have included configure options, debug output and sshd_config below, I'm using PuTTY 0.51 to connect:

Do you need help?

CFLAGS="-O3 -march=i686 -mcpu=i686 -funroll-loops" \ ./configure \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/libexec/openssh \
--mandir=/usr/share/man \
--with-pam \
--with-ipaddr-display \
--with-ipv4-default \
--with-md5-passwords

[root@betty /]# sshd -d

debug1: sshd version OpenSSH_3.4p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type RSA
debug1: private host key: #2 type 1 RSA
debug1: Bind to port 22 on 0.0.0.0.

Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode. Connection from x.x.x.x port 1409
debug1: Client protocol version 2.0; client software version PuTTY debug1: no match: PuTTY
Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-1.99-OpenSSH_3.4p1
debug1: list_hostkey_types: ssh-dss,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server 3des-cbc hmac-sha1 zlib
debug1: kex: server->client 3des-cbc hmac-sha1 zlib
debug1: dh_gen_key: priv key bits set: 195/384
debug1: bits set: 491/1024
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: bits set: 507/1024
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user remote service ssh-connection method password
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "remote"
debug1: PAM setting rhost to "x.x.x.x"
debug1: PAM Password authentication accepted for user "remote"

Accepted password for remote from x.x.x.x port 1409 ssh2 Accepted password for remote from x.x.x.x port 1409 ssh2

debug1: monitor_child_preauth: remote has been authenticated by privileged process
debug1: PAM establishing creds
debug1: newkeys: mode 0
debug1: newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug1: fd 7 setting O_NONBLOCK
debug1: fd 8 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 100 win 32768 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req

login_get_lastlog: Cannot find account for uid 500

debug1: Calling cleanup 0x80699a0(0x0)
debug1: channel_free: channel 0: server-session, nchannels 1
debug1: Calling cleanup 0x8054470(0x0)
debug1: Calling cleanup 0x8078300(0x0)
debug1: Calling cleanup 0x8054470(0x0)
debug1: Calling cleanup 0x8078300(0x0)

-------------------------------------------------

Port 22
ListenAddress 0.0.0.0

HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key

ServerKeyBits 768
LoginGraceTime 60
KeyRegenerationInterval 3600
PermitRootLogin yes
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
PrintMotd yes
KeepAlive yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
AllowUsers aaron2 aaron remote 500 root
PAMAuthenticationViaKbdInt yes
Subsystem sftp /usr/libexec/openssh/sftp-server

Aaron Roberts mailto:aroberts@domicilium.com Technical Support Engineer
Domicilium (IOM) Ltd.
32-34 Malew Street
Castletown
Isle of Man
IM9 1AF
Tel: 01624 825278
Fax: 01624 829525
http://www.domicilium.com Received on Tue Dec 17 12:59:13 2002

This message: [ Message body ]
Next message: Meelis Kiisel: "Re: Passwordless ssh, "once and for all"..."
Previous message: David Danovich: "ssh-agent and ssh-add automatically"
Reply: Aaron Roberts: "RE: non-root login problems"
Reply: David Liber: "Problems with passwordless ssh/scp (W2K client , Solaris 8 server)."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:52 EDT