Solved

SSH login error

Posted on 2002-03-26
7
589 Views
Last Modified: 2012-06-27
Hi,
i have a SSH error, here is some onfo.....

RH6.2
Kernel 2.4.18
SSH 3.1.0
==============
All users trying to login through port 22 (aka, ssh) get the
ssh: FATAL: Access Denied.

and this answer comes very very fast, so i think the SSHD2 does not even try to check the password..

any ideas ??


              a8888b.            
             d888888b.            
             8P"YP"Y88            
             8|o||o|88            
             8'    .88            
             8`._.' Y8.            
            d/      `8b.          
          .dP   .     Y8b.        
         d8:'   "   `::88b.        
        d8"           `Y88b      
       :8P     '       :888        
        8a.    :      _a88P        
      ._/"Yaa_ :    .| 88P|        
 jgs  \    YP"      `| 8P  `.      
 a:f  /     \._____.d|    .'      
      `--..__)888888P`._.'        
0
Comment
Question by:neostudio
  • 4
  • 3
7 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6899009
Is sshd running on the target system? You can check for it with 'ps -ef | grep sshd | grep -v grep'.

Is there a firewall active on the target system?
0
 
LVL 3

Author Comment

by:neostudio
ID: 6899525
sshd is running !!
i can connect and it asks for the username,. then the password.
but no password for any user is accepted !!


here is some of the sshd2_config file...


## Authentication
## Hostbased and PAM are not enabled by default.
BannerMessageFile               /etc/issue.net
PasswordGuesses                 3
AllowedAuthentications          hostbased,password,publickey
RequiredAuthentications         publickey,password
#       SshPAMClientPath                ssh-pam-client




</Ruslan>
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6899759
Can I see what your sshd_config file looks like?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 3

Author Comment

by:neostudio
ID: 6900678
Ok.........

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
## sshd2_config
## SSH 3.0 Server Configuration File
## General

#       VerboseMode                     no
#       QuietMode                       yes
#       ForcePTTYAllocation             no
#       SyslogFacility                  AUTH
#       SyslogFacility                  LOCAL7

## Network
# Port is not commented out, as it is needed by the example startup
# scripts. Well, the default won't likely change.
Port                            22
ListenAddress                   any
#       RequireReverseMapping           no
#       MaxBroadcastsPerSecond          0
#       MaxBroadcastsPerSecond          1
NoDelay                         yes
KeepAlive                       yes
MaxConnections                  3




## Crypto
#Ciphers                                Blowfish
#AnyCipher
#       RekeyIntervalSeconds            3600




## User
PrintMotd                       yes
CheckMail                       yes
UserConfigDirectory             "%D/.ssh2"
#       UserKnownHosts                  yes
LoginGraceTime                  60
PermitEmptyPasswords            no
#       StrictModes                     yes
#       IdleTimeOut                     1h

# This variable is set here, because by default it's empty, and so no
# variables can be set. Because of that, we set a few common ones here.
        SettableEnvironmentVars         LANG,LC_(ALL|COLLATE|CTYPE|MONETARY|NUMERIC|TIME),PATH,TERM,TZ



## User public key authentication
#       HostKeyFile                     hostkey
#       PublicHostKeyFile               hostkey.pub
#       RandomSeedFile                  random_seed
#       IdentityFile                    identification
#       AuthorizationFile               authorization
#       AllowAgentForwarding            yes


## Tunneling
#       AllowX11Forwarding              yes
#       AllowTcpForwarding              yes
#       AllowTcpForwardingForUsers      sjl, cowboyneal@slashdot\.org
#       DenyTcpForwardingForUsers       2[[:isdigit:]]*4,peelo
#       AllowTcpForwardingForGroups     priviliged_tcp_forwarders
#       DenyTcpForwardingForGroups      coming_from_outside


## Authentication
## Hostbased and PAM are not enabled by default.
BannerMessageFile               /etc/issue.net
PasswordGuesses                 3
AllowedAuthentications          hostbased,password,publickey
RequiredAuthentications ## Host restrictions
AllowHosts                      localhost 192.168.0.14 192.168.0.50
DenyHosts                       yahoo.com hotmail.com microsoft.com

## User restrictions
#       AllowUsers                      sj.*,s[[:isdigit:]]*,s(jl|amza)
#       DenyUsers                       skuuppa,warezdude,31373
#       DenyUsers                       don@untrusted\.org
#       AllowGroups                     staff,users
#       DenyGroups                      guest
PermitRootLogin                 no

## SSH1 compatibility
#       Ssh1Compatibility               <set by configure by default>
#       Sshd1Path                       <set by configure by default>
#
# This is given as argument to sshd1 with "-f" if sshd2 is invoked
# with "-f"
#       Sshd1ConfigFile                 /etc/sshd_config_alternate

## Chrooted environment
ChRootUsers                     ftpadmin
ChRootGroups                    ftpadmin


## subsystem definitions

# Subsystem's don't have defaults, so this is needed here (uncommented).
        subsystem-sftp                  sftp-server
        publickey,password
#       SshPAMClientPath                ssh-pam-client



so what do you see here ?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 6900946
First of all I can see that you are using the commercial SSH implementation rather than OpenSSH. I was guessing that to be the case from the earlier reference to 'RequiredAuthentications', but wanted to see the complete config file to be certain. Since the OpenSSH is the standard for Linux is there some specific reason that you are using the commercial version?

By what I see in the config file you've restricted access to the SSH server to localhost on the machine running SSH and two other IP's (192.168.0.14 192.168.0.50). Are you trying the connection from one of those two IP's? What happens if you connect to the localhost IP while logged on the SSH server box. Trying localhost would eliminate any firewalls or routers from the equation. Also is it possible that there's another copy of sshd installed and running?

Obviously this isn't a stock 6.2 system since you are running a 2.4.18 kernel. Such a radical departure from a RedHat distribution tends to make me think that using a binary rpm for SSH, which I assume is what you installed, might be iffy.
0
 
LVL 3

Author Comment

by:neostudio
ID: 6901113
Hi again jlevie  !!

let me be frank, i already solved the problem, it was the
'RequiredAuthentications' as you suggested, but it was more my error than SSHd it self !!

i was asking for a hostbased certificate while but not comparing to it, which made the server deny any certificate, that was easy .

And for sure :-p
it is not a stock 6.2, i just made the installation long time ago, and it is (i think) the most secure linux ever found, i am patching it daily with the latest pathes and updating it weekly, it is VERY MUCH uptodated version, but i can't run away, it is still called a RH6.2 somewhere .

anyway,
thank you for your help, please drop me a line at
jlevie.EE.Q.20281866@opilki.com if you will have the time ..

regards,
</Ruslan>
0
 
LVL 3

Author Comment

by:neostudio
ID: 6901115
Thanks again ...
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question