- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- sshd_config "UsePAM yes" problem
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-12-2004 06:33 PM
тАО10-12-2004 06:33 PM
sshd_config "UsePAM yes" problem
I have an 11i box with HP-UX secure shell 3.81 installed and am having trouble getting some authentication working.
when I am logged in on box A (as my own userid), and run "ssh root@boxb", I get prompted for the password, I enter it but get this output and cannot log in:
Password:
Last successful login for root: Wed Oct 13 11:33:52 EST-10EDT 2004 on pts/0
Last unsuccessful login for root: Wed Oct 13 11:40:36 EST-10EDT 2004
Last login: Wed Oct 13 16:25:40 2004 from boxa.workcover
Connection to boxb closed.
Furthermore, if I am logged in as root and run "ssh root@boxb", I get in fine, however I have set up keys so I don't need to type in a password to log in when ssh'ing from root.
One other thing, the syslog file on the ssh server shows this:
Oct 13 16:26:01 dunk sshd[2720]: Accepted keyboard-interactive/pam for root from 172.xx.x.x port 54
477 ssh2
so it's accepting the password, but why does it kick me out?
Now, one other thing to note is that if I change the "UsePAM yes" option in the sshd_config file to "UsePAM no" (and restart sshd), this whole problem goes away. But why would making this "yes" make logins fail? On all my other boxes, I have UsePAM yes set and I have no problems logging in on them! (although they use secsh 3.71, not 3.81 as this new box does).
Can anyone shed some light on this issue and let me know what's going wrong?
Much appreciated.
-Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-12-2004 07:31 PM
тАО10-12-2004 07:31 PM
Re: sshd_config "UsePAM yes" problem
From your problem statement it seems, when you login with your id and run "ssh root@boxb" you are prompted for Pam Password prompt. When you provide correct password the Pam authentication succeeds but the problem starts when SSH tries to allocate tty.
To analyse this issue deep, run the server and client in debug mode.
www.snailbook.com/faq/general-debugging.auto.html
Post the both the logs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 12:40 PM
тАО10-13-2004 12:40 PM
Re: sshd_config "UsePAM yes" problem
Yes, it's strange that immediately after PAM authenticates, that it fails. But it's interesting that if we bypass PAM by using ssh keys for authentication, then it works fine.
Anyway, I've attached the logs. (both logs for the client and server are in the one file.)
- Andrew
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 12:55 PM
тАО10-13-2004 12:55 PM
Re: sshd_config "UsePAM yes" problem
Are your PAM configs different on hosta? I'd also look at /etc/default/security to ensure root login is allowed. Is your sshd set-up to use login?
Tyler
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 01:33 PM
тАО10-13-2004 01:33 PM
Re: sshd_config "UsePAM yes" problem
Thanks for the suggestions so far. I compared the /etc/pam.conf files and they are identical. I compared the /opt/ssh/etc/sshd_config files to see if there were any differences, and they were identical except for one line which the other server which has ssh working properly has which is: "GSSAPIAuthentication no" in its sshd_config file. I don't think that's enough to cause our problems though.
I don't know what you are specifically meaning when you say "is ssh setup to use login"? Can you elaborate please?
Any other suggestions?
Thanks heaps!
- Andy Gray
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 01:37 PM
тАО10-13-2004 01:37 PM
Re: sshd_config "UsePAM yes" problem
Thanks again.
- Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 06:46 PM
тАО10-13-2004 06:46 PM
Re: sshd_config "UsePAM yes" problem
Has your password expired, account-locked, or you have remote logins denied? SSH will refuse to log you in if any of this conditions are true.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 06:48 PM
тАО10-13-2004 06:48 PM
Re: sshd_config "UsePAM yes" problem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 06:54 PM
тАО10-13-2004 06:54 PM
Re: sshd_config "UsePAM yes" problem
So it's very strange. It would appear that PAM is failing somewhere, but as I mentioned above, in the syslog, it says that PAM has authenticated the user, and this can be further seen by the fact that I get information about last successful and unsuccessful logins for root when I try logging in. Obviously, it only gives me that if I have already somehow successfully logged in. Someone pointed out that it was perhaps dying whilst trying to allocate a tty or something. This seems likely, but I don't know why turning PAM authentication off would suddenly make logging in work!
Know what I mean?
Anyone have other ideas? Thanks heaps!
- Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 06:59 PM
тАО10-13-2004 06:59 PM
Re: sshd_config "UsePAM yes" problem
Thanks again
- Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2004 07:12 PM
тАО10-13-2004 07:12 PM
Re: sshd_config "UsePAM yes" problem
Have you checked that both versions of SSH were compiled with "usePAM=yes", and that there are no patches kicking around?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-14-2004 10:45 AM
тАО10-14-2004 10:45 AM
Re: sshd_config "UsePAM yes" problem
Hate to admit that it was a patching issue. grrrr.
Anyway, thank you for your input.
- Andy Gray