Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SSH login error

Posted on 2002-03-26
7
Medium Priority
?
596 Views
Last Modified: 2012-06-27
Hi,
i have a SSH error, here is some onfo.....

RH6.2
Kernel 2.4.18
SSH 3.1.0
==============
All users trying to login through port 22 (aka, ssh) get the
ssh: FATAL: Access Denied.

and this answer comes very very fast, so i think the SSHD2 does not even try to check the password..

any ideas ??


              a8888b.            
             d888888b.            
             8P"YP"Y88            
             8|o||o|88            
             8'    .88            
             8`._.' Y8.            
            d/      `8b.          
          .dP   .     Y8b.        
         d8:'   "   `::88b.        
        d8"           `Y88b      
       :8P     '       :888        
        8a.    :      _a88P        
      ._/"Yaa_ :    .| 88P|        
 jgs  \    YP"      `| 8P  `.      
 a:f  /     \._____.d|    .'      
      `--..__)888888P`._.'        
0
Comment
Question by:neostudio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6899009
Is sshd running on the target system? You can check for it with 'ps -ef | grep sshd | grep -v grep'.

Is there a firewall active on the target system?
0
 
LVL 3

Author Comment

by:neostudio
ID: 6899525
sshd is running !!
i can connect and it asks for the username,. then the password.
but no password for any user is accepted !!


here is some of the sshd2_config file...


## Authentication
## Hostbased and PAM are not enabled by default.
BannerMessageFile               /etc/issue.net
PasswordGuesses                 3
AllowedAuthentications          hostbased,password,publickey
RequiredAuthentications         publickey,password
#       SshPAMClientPath                ssh-pam-client




</Ruslan>
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6899759
Can I see what your sshd_config file looks like?
0
Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

 
LVL 3

Author Comment

by:neostudio
ID: 6900678
Ok.........

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
## sshd2_config
## SSH 3.0 Server Configuration File
## General

#       VerboseMode                     no
#       QuietMode                       yes
#       ForcePTTYAllocation             no
#       SyslogFacility                  AUTH
#       SyslogFacility                  LOCAL7

## Network
# Port is not commented out, as it is needed by the example startup
# scripts. Well, the default won't likely change.
Port                            22
ListenAddress                   any
#       RequireReverseMapping           no
#       MaxBroadcastsPerSecond          0
#       MaxBroadcastsPerSecond          1
NoDelay                         yes
KeepAlive                       yes
MaxConnections                  3




## Crypto
#Ciphers                                Blowfish
#AnyCipher
#       RekeyIntervalSeconds            3600




## User
PrintMotd                       yes
CheckMail                       yes
UserConfigDirectory             "%D/.ssh2"
#       UserKnownHosts                  yes
LoginGraceTime                  60
PermitEmptyPasswords            no
#       StrictModes                     yes
#       IdleTimeOut                     1h

# This variable is set here, because by default it's empty, and so no
# variables can be set. Because of that, we set a few common ones here.
        SettableEnvironmentVars         LANG,LC_(ALL|COLLATE|CTYPE|MONETARY|NUMERIC|TIME),PATH,TERM,TZ



## User public key authentication
#       HostKeyFile                     hostkey
#       PublicHostKeyFile               hostkey.pub
#       RandomSeedFile                  random_seed
#       IdentityFile                    identification
#       AuthorizationFile               authorization
#       AllowAgentForwarding            yes


## Tunneling
#       AllowX11Forwarding              yes
#       AllowTcpForwarding              yes
#       AllowTcpForwardingForUsers      sjl, cowboyneal@slashdot\.org
#       DenyTcpForwardingForUsers       2[[:isdigit:]]*4,peelo
#       AllowTcpForwardingForGroups     priviliged_tcp_forwarders
#       DenyTcpForwardingForGroups      coming_from_outside


## Authentication
## Hostbased and PAM are not enabled by default.
BannerMessageFile               /etc/issue.net
PasswordGuesses                 3
AllowedAuthentications          hostbased,password,publickey
RequiredAuthentications ## Host restrictions
AllowHosts                      localhost 192.168.0.14 192.168.0.50
DenyHosts                       yahoo.com hotmail.com microsoft.com

## User restrictions
#       AllowUsers                      sj.*,s[[:isdigit:]]*,s(jl|amza)
#       DenyUsers                       skuuppa,warezdude,31373
#       DenyUsers                       don@untrusted\.org
#       AllowGroups                     staff,users
#       DenyGroups                      guest
PermitRootLogin                 no

## SSH1 compatibility
#       Ssh1Compatibility               <set by configure by default>
#       Sshd1Path                       <set by configure by default>
#
# This is given as argument to sshd1 with "-f" if sshd2 is invoked
# with "-f"
#       Sshd1ConfigFile                 /etc/sshd_config_alternate

## Chrooted environment
ChRootUsers                     ftpadmin
ChRootGroups                    ftpadmin


## subsystem definitions

# Subsystem's don't have defaults, so this is needed here (uncommented).
        subsystem-sftp                  sftp-server
        publickey,password
#       SshPAMClientPath                ssh-pam-client



so what do you see here ?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 6900946
First of all I can see that you are using the commercial SSH implementation rather than OpenSSH. I was guessing that to be the case from the earlier reference to 'RequiredAuthentications', but wanted to see the complete config file to be certain. Since the OpenSSH is the standard for Linux is there some specific reason that you are using the commercial version?

By what I see in the config file you've restricted access to the SSH server to localhost on the machine running SSH and two other IP's (192.168.0.14 192.168.0.50). Are you trying the connection from one of those two IP's? What happens if you connect to the localhost IP while logged on the SSH server box. Trying localhost would eliminate any firewalls or routers from the equation. Also is it possible that there's another copy of sshd installed and running?

Obviously this isn't a stock 6.2 system since you are running a 2.4.18 kernel. Such a radical departure from a RedHat distribution tends to make me think that using a binary rpm for SSH, which I assume is what you installed, might be iffy.
0
 
LVL 3

Author Comment

by:neostudio
ID: 6901113
Hi again jlevie  !!

let me be frank, i already solved the problem, it was the
'RequiredAuthentications' as you suggested, but it was more my error than SSHd it self !!

i was asking for a hostbased certificate while but not comparing to it, which made the server deny any certificate, that was easy .

And for sure :-p
it is not a stock 6.2, i just made the installation long time ago, and it is (i think) the most secure linux ever found, i am patching it daily with the latest pathes and updating it weekly, it is VERY MUCH uptodated version, but i can't run away, it is still called a RH6.2 somewhere .

anyway,
thank you for your help, please drop me a line at
jlevie.EE.Q.20281866@opilki.com if you will have the time ..

regards,
</Ruslan>
0
 
LVL 3

Author Comment

by:neostudio
ID: 6901115
Thanks again ...
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question