Updates break openssh?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hello,

I've spent the last couple of days trying to debug a problem with ssh on RedHat 9 which it now seems was introduced only with the latest updates. For me, the symptoms of the problem were an inability to ssh into the system as anyone other than root:

[aleahy@gregory ~]$ ssh huygens
Connection closed by 10.32.227.70
[aleahy@gregory ~]$ ssh -l root huygens
root@huygens's password:
Last login: Tue Aug 26 11:43:43 2003 from gregory.lab.knet.edu
[root@huygens root]#

Direct login from the console and from gdm work fine. The problem was fixed when I downgraded the ssh packages back to the original ones on the RH 9 CD. I have another RH 9 system with all updates applied which works fine, so I'm thinking it's unique to the authentication system I use on this system--kerberos and ldap. Looking at the contents of /var/log/messages, ssh never makes it past pam_unix.

Aug 26 12:15:04 huygens sshd: sshd -TERM succeeded
Aug 26 12:15:07 huygens sshd: succeeded
Aug 26 12:15:15 huygens sshd(pam_unix)[3179]: check pass; user unknown
Aug 26 12:15:15 huygens sshd(pam_unix)[3179]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=gregory.lab.knet.edu
Aug 26 12:23:55 huygens sshd(pam_unix)[3188]: check pass; user unknown
Aug 26 12:23:55 huygens sshd(pam_unix)[3188]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=gregory.lab.knet.edu
Aug 26 12:28:50 huygens sshd: sshd -TERM succeeded

Here are the contents of /etc/pam.d/system-auth:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass tokens
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so

password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_krb5.so use_authtok
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so
session     optional      /lib/security/$ISA/pam_ldap.so

Andrew Leahy

---
[This E-mail scanned for viruses by Declude Virus]


--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
[Index of Archives]     [Fedora Users]     [Centos Users]     [Kernel Development]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat Phoebe Beta]     [Yosemite Forum]     [Fedora Discussion]     [Gimp]     [Stuff]     [Yosemite News]

  Powered by Linux