
libpam_vvos and ssh login

 
Pierre Klovsjo_1
Occasional Advisor

libpam_vvos and ssh login

Hello,

I'm having a problem accessing my vault via ssh.
I can access via web GUI and export an xterm, but doing an scp works just fine. I can see in my logfiles that there is something regarding libpam_vvos.

Output from syslog:
Apr 14 10:06:38 vault1 sshd[1543]: Server listening on 0.0.0.0 port 22.
Apr 14 10:55:43 vault1 libpam_vvos[1979]: su : + ttyp0 hello-root
Apr 14 10:57:35 vault1 sshd[1543]: debug1: Forked child 2008.
.......
Apr 14 10:57:37 vault1 sshd[2008]: debug1: attempt 0 failures 0
Apr 14 10:57:37 vault1 sshd[2008]: debug1: Starting up PAM with username "hello"
Apr 14 10:57:37 vault1 sshd[2008]: debug1: PAM setting rhost to "neon.domain.com"
Apr 14 10:57:45 vault1 libpam_vvos[2008]: pam_authenticate: error Authentication failed
Apr 14 10:57:45 vault1 sshd[2008]: debug1: PAM password authentication failed for hello: Authentication failed
Apr 14 10:57:45 vault1 sshd[2008]: Failed none for hello from 172.25.10.10 port 43317 ssh2

Has anyone seen such a problem before?
More logs can be provided if needed.

Thanks a lot and regards,

Pierre
Ermin Borovac
Honored Contributor

Re: libpam_vvos and ssh login

Do you have the following patch installed? It includes libpam_vvos with support for OpenSSH.

Patch Name: PHCO_28961
Patch Description: s700_800 11.04 (VVOS) PAM support for OpenSSH
Pierre Klovsjo_1
Occasional Advisor

Re: libpam_vvos and ssh login

Hello again,

Thanks for your e-mail.

Yes, the patch was installed and the problem is there. I have also been looking around here in the forum for additional answers but I seem to be the only one with this problem. If anyone has a suggestion or anything that I might be able to try, you are most welcome to share it with me. I would hate to re-install the complete machine.

Regards,

Pierre
Ermin Borovac
Honored Contributor

Re: libpam_vvos and ssh login

Do you have PasswordAuthentication set to yes in sshd_config on the vault server?
Pierre Klovsjo_1
Occasional Advisor

Re: libpam_vvos and ssh login

Hello again,

Thanks for your reply once again.

I have not been struggling with this problem for a while now, but once again I have to face this problem, so I'll attach my sshd_config file below. It may be a bit scre*ed up due to my testing.

Regards,

Pierre

--------------------------------------
Port 22
# Protocol 2 is recommended.
Protocol 2
ListenAddress xxx.xxx.xxx.xxx

# HostKey for protocol version 1
#HostKey /opt/vaultTS/tools/OpenSSH/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/vaultTS/tools/OpenSSH/etc/ssh_host_rsa_key
HostKey /opt/vaultTS/tools/OpenSSH/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
#LogLevel INFO
LogLevel DEBUG
#obsoletes QuietMode and FascistLogging

# Authentication:

LoginGraceTime 600

# Root login is not recommended on Virtualvault.
PermitRootLogin no

# You may need to set StrictModes to "no" to permit
# Root login on Virtualvault.
StrictModes no

RSAAuthentication yes
PubkeyAuthentication yes

# The SSH User directory on Virtualvault is $HOME/apphome/.ssh
# The authorized_keys (protocol 1) and authorized_keys2 (protocol 2)
# files must be located in $HOME/apphome/.ssh

#AuthorizedKeysFile %h/apphome/.ssh/authorized_keys
AuthorizedKeysFile %h/apphome/.ssh/authorized_keys2

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# For this to work you will also need host keys in /opt/vaultTS/tools/OpenSSH/etc/ssh_known_hosts
# RhostsRSAAuthentication is not supported on Virtualvault.
RhostsRSAAuthentication no
# similar for protocol version 2
# HostbasedAuthentication is not supported on Virtualvault.
HostbasedAuthentication no
# Uncomment if you don't trust ~/apphome/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
# s/key passwords are not supported on Virtualvault.
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
PAMAuthenticationViaKbdInt no

# To change Kerberos options
# Kerberos is not supported on Virtualvault.
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

# X11 forwarding is not supported on Virtualvault.
X11Forwarding no
X11DisplayOffset 10

PrintMotd yes
#PrintLastLog no
KeepAlive yes

# UseLogin is not supported on Virtualvault.
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /opt/vaultTS/tools/OpenSSH/libexec/sftp-server

# Additional directives when the OpenSSH version is migrated
# to 3.6.1p2
# Set UsePrivilegeSeparation to 'no' always
X11UseLocalhost no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression yes
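
Added example, not part of the original thread or of any poster's configuration: a shell helper that answers the "is PasswordAuthentication set to yes?" question for a config file that has been edited repeatedly, by reporting the value sshd actually takes for each keyword. The function name `effective_sshd_settings`, the helper `write_sample_config` and the sample file are constructed for illustration; the keywords are the ones in the posted file.

```shell
#!/bin/sh
# Added example, not from the thread: print the value sshd takes for each
# requested keyword. Assumes OpenSSH's parsing rules: keywords are
# case-insensitive and the first uncommented occurrence wins.
effective_sshd_settings() {
    cfg=$1; shift                          # $1 = config path, rest = keywords
    awk -v want="$*" '
    BEGIN { n = split(want, name, " ") }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comment and blank lines
    {
        k = tolower($1)
        if (k in val) {                    # later duplicate, ignored by sshd
            dup[k] = dup[k] " line " NR
            next
        }
        v = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", v) # drop the keyword, keep its argument
        sub(/[ \t\r]+$/, "", v)
        val[k] = v
    }
    END {
        for (i = 1; i <= n; i++) {
            k = tolower(name[i])
            if (!(k in val))   printf "%s=<unset>\n", name[i]
            else if (k in dup) printf "%s=%s (ignored duplicates:%s)\n", name[i], val[k], dup[k]
            else               printf "%s=%s\n", name[i], val[k]
        }
    }' "$cfg"
}

# Constructed sample: a few of the posted directives plus a leftover
# duplicate of the kind repeated test edits tend to leave behind.
write_sample_config() {
    cat > "$1" <<'EOF'
#PasswordAuthentication no
passwordauthentication yes
PAMAuthenticationViaKbdInt no
#ChallengeResponseAuthentication no
UsePrivilegeSeparation no
PasswordAuthentication no
EOF
}

sample=${TMPDIR:-/tmp}/sshd_config.sample.$$
write_sample_config "$sample"
effective_sshd_settings "$sample" PasswordAuthentication \
    PAMAuthenticationViaKbdInt ChallengeResponseAuthentication UsePrivilegeSeparation
rm -f "$sample"
```

A keyword reported as `<unset>` falls back to the default compiled into that sshd build, so a commented-out line is not the same as an explicit `no`.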