HPE Community
Operating System - HP-UX
1833875 Members
2050 Online
110063 Solutions
New Discussion

libpam_vvos and ssh login

 
Pierre Klovsjo_1
Occasional Advisor

‎04-13-2005 10:24 PM

‎04-13-2005 10:24 PM

libpam_vvos and ssh login

Hello,

I'm having problem accessing my vault via ssh.
I can access via web gui and export a xterm. but doing a scp works just fine. I can see in my logfiles that there is something regarding libpam_vvos.

Output from syslog:
Apr 14 10:06:38 vault1 sshd[1543]: Server listening on 0.0.0.0 port 22.
Apr 14 10:55:43 vault1 libpam_vvos[1979]: su : + ttyp0 hello-root
Apr 14 10:57:35 vault1 sshd[1543]: debug1: Forked child 2008.
.......
Apr 14 10:57:37 vault1 sshd[2008]: debug1: attempt 0 failures 0
Apr 14 10:57:37 vault1 sshd[2008]: debug1: Starting up PAM with username "hello"
Apr 14 10:57:37 vault1 sshd[2008]: debug1: PAM setting rhost to "neon.domain.com"
Apr 14 10:57:45 vault1 libpam_vvos[2008]: pam_authenticate: error Authentication failed
Apr 14 10:57:45 vault1 sshd[2008]: debug1: PAM password authentication failed for hello: Authentication failed
Apr 14 10:57:45 vault1 sshd[2008]: Failed none for hello from 172.25.10.10 port 43317 ssh2
ut from syslog.

Has anyone seen such a problem before?
More logs can be provided if needed.

Thanks a lot and regards,

Pierre
0 Kudos
Reply
4 REPLIES 4
Ermin Borovac
Honored Contributor

‎04-14-2005 06:45 PM

‎04-14-2005 06:45 PM

Re: libpam_vvos and ssh login

Do you have the following patch installed? It includes libpam_vvos with support for OpenSSH.

Patch Name: PHCO_28961
Patch Description: s700_800 11.04 (VVOS) PAM support for OpenSSH
0 Kudos
Reply
Pierre Klovsjo_1
Occasional Advisor

‎04-17-2005 10:42 PM

‎04-17-2005 10:42 PM

Re: libpam_vvos and ssh login

Hello again,

Thanks for your e-mail.

Yes the patch was installed and the problem is there. I have also been looking around here in the forum for addtional answers but i seem to be the only one with this problem. If anyone have a suggestion or anything that i might be bale to try you are most welcome to shre it with me. I would hate to re-install the complete machine.

Regards,

Pierre
0 Kudos
Reply
Ermin Borovac
Honored Contributor

‎04-18-2005 11:48 AM

‎04-18-2005 11:48 AM

Re: libpam_vvos and ssh login

Do you have PasswordAuthentication set to yes in sshd_config on the vault server?
0 Kudos
Reply
Pierre Klovsjo_1
Occasional Advisor

‎05-08-2005 11:49 PM

‎05-08-2005 11:49 PM

Re: libpam_vvos and ssh login

Hello again,

Thanks for your reply once again.

I have not been struggling with this problem for a while now but once again i have to face this problem so i'll attach my sshd_conmfig file below. It may be a bit scre*ed up due to my testings.

Regards,

Pierre

--------------------------------------
Port 22
# Protocol 2 is recommended.
Protocol 2
ListenAddress xxx.xxx.xxx.xxx

# HostKey for protocol version 1
#HostKey /opt/vaultTS/tools/OpenSSH/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /opt/vaultTS/tools/OpenSSH/etc/ssh_host_rsa_key
HostKey /opt/vaultTS/tools/OpenSSH/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
#LogLevel INFO
LogLevel DEBUG
#obsoletes QuietMode and FascistLogging

# Authentication:

LoginGraceTime 600

# Root login is not recommended on Virtualvault.
PermitRootLogin no

# You may need to set StrictModes to "no" to permit
# Root login on Virtualvault.
StrictModes no

RSAAuthentication yes
PubkeyAuthentication yes

# The SSH User directory on Virtualvault is $HOME/apphome/.ssh
# The authorized_keys (protocol 1) and authorized_keys2 (protocol 2)
# files must be located in $HOME/apphome/.ssh

#AuthorizedKeysFile %h/apphome/.ssh/authorized_keys
AuthorizedKeysFile %h/apphome/.ssh/authorized_keys2

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes

# For this to work you will also need host keys in /opt/vaultTS/tools/OpenSSH/etc/ssh_known_hosts
# RhostsRSAAuthentication is not supported on Virtualvault.
RhostsRSAAuthentication no
# similar for protocol version 2
# HostbasedAuthentication is not supported on Virtualvault.
HostbasedAuthentication no
# Uncomment if you don't trust ~/apphome/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
# s/key passwords are not supported on Virtualvault.
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
PAMAuthenticationViaKbdInt no

# To change Kerberos options
# Kerberos is not supported on Virtualvault.
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

# X11 forwarding is not supported on Virtualvault.
X11Forwarding no
X11DisplayOffset 10

PrintMotd yes
#PrintLastLog no
KeepAlive yes

# UseLogin is not supported on Virtualvault.
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp /opt/vaultTS/tools/OpenSSH/libexec/sftp-server

# Additional directives when the OpenSSH version is migrated
# to 3.6.1p2
# Set UsePrivilegeSeparation to 'no' always
X11UseLocalhost no
UsePrivilegeSeparation no
#PermitUserEnvironment no
#Compression yes
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.