[ILUG] ssh access on Redhat 7.2
Walter Faleiro
curtorkar at gmail.com
Tue Feb 27 23:37:01 GMT 2007
Following is the sshd file under /etc/pam.d
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
Does the above need to be modified to have the ssh access available via
shadow passwords?
--W
On 2/28/07, Walter Faleiro <curtorkar at gmail.com> wrote:
>
> Hi Conor,
> Yes, the users exist.
> I tried the following
>
> login as root
> su - username
>
> changed the password for the users on this 7.2 system, and then tried to
> ssh again and it worked.
> So it's the way the system reads the nis passwords that's causing the issue
> here.
>
> --W
>
>
> On 2/28/07, Conor Wynne <conor at discuskeeping.com> wrote:
> >
> > Walter Faleiro wrote:
> > > Hi,
> > > Currently we have a nis server configured with RHEL Update8. There are a few
> > > older clients of Redhat 7.2, with which ssh is having an issue.
> > >
> > > I can ssh as root to the system and it connects fine. If I do su - username
> > > after connecting it as root it works fine. The problem is
> > > ssh user@system does not work.
> > > The error log shows
> > > sshd(pam_unix)[3255]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx user=xxxx
> > >
> > > Following are the details of ssh on the Redhat System.
> > >
> > > ssh -V
> > > OpenSSH_2.9p2, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> > > # $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $
> > >
> > > # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
> > >
> > > # This is the sshd server system-wide configuration file. See sshd(8)
> > > # for more information.
> > >
> > > Port 22
> > > #Protocol 2,1
> > > #ListenAddress 0.0.0.0
> > > #ListenAddress ::
> > > HostKey /etc/ssh/ssh_host_key
> > > HostKey /etc/ssh/ssh_host_rsa_key
> > > HostKey /etc/ssh/ssh_host_dsa_key
> > > ServerKeyBits 768
> > > LoginGraceTime 600
> > > KeyRegenerationInterval 3600
> > > PermitRootLogin yes
> > > #
> > > # Don't read ~/.rhosts and ~/.shosts files
> > > IgnoreRhosts yes
> > > # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
> > > #IgnoreUserKnownHosts yes
> > > StrictModes yes
> > > X11Forwarding yes
> > > X11DisplayOffset 10
> > > PrintMotd yes
> > > #PrintLastLog no
> > > KeepAlive yes
> > >
> > > # Logging
> > > SyslogFacility AUTHPRIV
> > > LogLevel INFO
> > > #obsoletes QuietMode and FascistLogging
> > >
> > > RhostsAuthentication no
> > > #
> > > # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> > > RhostsRSAAuthentication no
> > > # similar for protocol version 2
> > > HostbasedAuthentication no
> > > #
> > > RSAAuthentication yes
> > >
> > > # To disable tunneled clear text passwords, change to no here!
> > > PasswordAuthentication yes
> > > PermitEmptyPasswords no
> > >
> > > # Uncomment to disable s/key passwords
> > > #ChallengeResponseAuthentication no
> > >
> > > # Uncomment to enable PAM keyboard-interactive authentication
> > > # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
> > > #PAMAuthenticationViaKbdInt yes
> > >
> > > # To change Kerberos options
> > > #KerberosAuthentication no
> > > #KerberosOrLocalPasswd yes
> > > #AFSTokenPassing no
> > > #KerberosTicketCleanup no
> > >
> > > # Kerberos TGT Passing does only work with the AFS kaserver
> > > #KerberosTgtPassing yes
> > >
> > > #CheckMail yes
> > > #UseLogin no
> > >
> > > #MaxStartups 10:30:60
> > > #Banner /etc/issue.net
> > > #ReverseMappingCheck yes
> > >
> > > Subsystem sftp /usr/libexec/openssh/sftp-server
> > >
> > > cat /etc/pam.d/sshd
> > > #%PAM-1.0
> > > auth required /lib/security/pam_stack.so service=system-auth
> > > auth required /lib/security/pam_nologin.so
> > > account required /lib/security/pam_stack.so service=system-auth
> > > password required /lib/security/pam_stack.so service=system-auth
> > > session required /lib/security/pam_stack.so service=system-auth
> > > session required /lib/security/pam_limits.so
> > > session optional /lib/security/pam_console.so
> > >
> > >
> > >
> > > The issue is only on the Redhat 7.2 systems, and other systems with newer
> > > releases are connecting fine.
> > >
> > > cat /etc/issue
> > > Red Hat Linux release 7.2 (Enigma)
> > > Kernel \r on an \m
> > >
> > >
> > > Is there any modification needed for older releases to work with newer
> > > nis?
> > >
> > > Thanks,
> > > --W
> > Does the user exist?
> > # id username
> >
> >
>