cancel
Showing results for 
Search instead for 
Did you mean: 

su: incorrect password

SOLVED
Go to solution
David Wall
Advisor

su: incorrect password

I am getting the following error when trying to su - userid from root. I can telnet to the user but ssh also fails with a password error. No changes (as far as I know, I'm not the only one with access) have been made to the system recently.

Any thoughts?

Thanks.
5 REPLIES
Court Campbell
Honored Contributor

Re: su: incorrect password

check /var/log/messages and /var/log/secure and see if you see any errors. My best guess would be that it is a pam issue.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
David Wall
Advisor

Re: su: incorrect password

Here is the output from first an su - ruser attempt as root and then a secure shell attempt.

secure
Jul 2 12:23:11 localhost sshd[22732]: Failed password for root from ::ffff:10.101.241.55 port 3349 ssh2
Jul 2 12:23:23 localhost sshd[22732]: Accepted password for root from ::ffff:10.101.241.55 port 3349 ssh2
Jul 2 12:23:35 localhost sshd[22795]: Failed password for ruser from ::ffff:10.101.241.55 port 3351 ssh2
Jul 2 12:23:40 localhost sshd[22796]: Connection closed by ::ffff:10.101.241.55

messages
Jul 2 12:22:42 localhost pam_tally[22717]: user ruser (500) tally 4, deny 2
Jul 2 12:23:09 localhost sshd(pam_unix)[22732]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=p62534.company.org user=root
Jul 2 12:23:23 localhost sshd(pam_unix)[22748]: session opened for user root by root(uid=0)
Jul 2 12:23:35 localhost pam_tally[22795]: user ruser (500) tally 5, deny 2

A telnet produces the following in the secure file and works fine.

Jul 2 12:30:49 localhost xinetd[2510]: START: telnet pid=23227 from=10.101.241.55
Court Campbell
Honored Contributor
Solution

Re: su: incorrect password

you are using pam_tally. look for a binary named pam_tally and run it. It should show a list of locked users. Then try this to reset the user:

# pam_tally --user= --reset

pam_tally keeps track of failed logins and will not allow logon after so many unsuccessful attempts. Since telnet works you can probably see the pam module listed in /etc/pam.d/sshd.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
Court Campbell
Honored Contributor

Re: su: incorrect password

I guess I could have mentioned that you are set to deny access after to failed logon attempts.
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
David Wall
Advisor

Re: su: incorrect password

That was it.

Thanks.