[ILUG] ssh access on Redhat 7.2

[Walter Faleiro]

Hi Conor,
Yes the users exists.
I tried the following

login as root
su - username

changed the password for the users on this 7.2 system, and then tried to ssh
again and it worked.
So its the way the system reads the nis passwords thats causing the issue
here.

--W


On 2/28/07, Conor Wynne <conor at discuskeeping.com> wrote:
>
> Walter Faleiro wrote:
> > Hi,
> > Currently we have a nis server configured with RHEL Update8. There are
> > a few
> > older clients of Redhat 7.2, with which ssh is having an issue.
> >
> > I can ssh as root to the system and it connects fine. If I do su -
> > username
> > after connecting it as root it works fine. The problem is
> > ssh user at system does not work.
> > The error log shows
> > sshd(pam_unix)[3255]: authentication failure; logname= uid=0 euid=0
> > tty=ssh
> > ruser= rhost=xxx  user=xxxx
> >
> > Following are the details of ssh on the Redhat System.
> >
> > ssh -V
> > OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> > #       $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
> >
> > # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
> >
> > # This is the sshd server system-wide configuration file.  See sshd(8)
> > # for more information.
> >
> > Port 22
> > #Protocol 2,1
> > #ListenAddress 0.0.0.0
> > #ListenAddress ::
> > HostKey /etc/ssh/ssh_host_key
> > HostKey /etc/ssh/ssh_host_rsa_key
> > HostKey /etc/ssh/ssh_host_dsa_key
> > ServerKeyBits 768
> > LoginGraceTime 600
> > KeyRegenerationInterval 3600
> > PermitRootLogin yes
> > #
> > # Don't read ~/.rhosts and ~/.shosts files
> > IgnoreRhosts yes
> > # Uncomment if you don't trust ~/.ssh/known_hosts for
> > RhostsRSAAuthentication
> > #IgnoreUserKnownHosts yes
> > StrictModes yes
> > X11Forwarding yes
> > X11DisplayOffset 10
> > PrintMotd yes
> > #PrintLastLog no
> > KeepAlive yes
> >
> > # Logging
> > SyslogFacility AUTHPRIV
> > LogLevel INFO
> > #obsoletes QuietMode and FascistLogging
> >
> > RhostsAuthentication no
> > #
> > # For this to work you will also need host keys in
> > /etc/ssh/ssh_known_hosts
> > RhostsRSAAuthentication no
> > # similar for protocol version 2
> > HostbasedAuthentication no
> > #
> > RSAAuthentication yes
> >
> > # To disable tunneled clear text passwords, change to no here!
> > PasswordAuthentication yes
> > PermitEmptyPasswords no
> >
> > # Uncomment to disable s/key passwords
> > #ChallengeResponseAuthentication no
> >
> > # Uncomment to enable PAM keyboard-interactive authentication
> > # Warning: enabling this may bypass the setting of
> > 'PasswordAuthentication'
> > #PAMAuthenticationViaKbdInt yes
> >
> > # To change Kerberos options
> > #KerberosAuthentication no
> > #KerberosOrLocalPasswd yes
> > #AFSTokenPassing no
> > #KerberosTicketCleanup no
> >
> > # Kerberos TGT Passing does only work with the AFS kaserver
> > #KerberosTgtPassing yes
> >
> > #CheckMail yes
> > #UseLogin no
> >
> > #MaxStartups 10:30:60
> > #Banner /etc/issue.net
> > #ReverseMappingCheck yes
> >
> > Subsystem       sftp    /usr/libexec/openssh/sftp-server
> >
> > cat /etc/pam.d/sshd
> > #%PAM-1.0
> > auth       required     /lib/security/pam_stack.so service=system-auth
> > auth       required     /lib/security/pam_nologin.so
> > account    required     /lib/security/pam_stack.so service=system-auth
> > password   required     /lib/security/pam_stack.so service=system-auth
> > session    required     /lib/security/pam_stack.so service=system-auth
> > session    required     /lib/security/pam_limits.so
> > session    optional     /lib/security/pam_console.so
> >
> >
> >
> > The issue is only on the Redhat 7.2 systems, and other systems with
> newer
> > releases are connecting fine.
> >
> > cat /etc/issue
> > Red Hat Linux release 7.2 (Enigma)
> > Kernel \r on an \m
> >
> >
> > Is there any modification needed for older releases to work with newer
> > nis?
> >
> > Thanks,
> > --W
> Does the user exist?
> # id username
>
>