Go Premium for a chance to win a PS4. Enter to Win


SSH login error

Posted on 2002-03-26
Medium Priority
Last Modified: 2012-06-27
i have a SSH error, here is some onfo.....

Kernel 2.4.18
SSH 3.1.0
All users trying to login through port 22 (aka, ssh) get the
ssh: FATAL: Access Denied.

and this answer comes very very fast, so i think the SSHD2 does not even try to check the password..

any ideas ??

             8'    .88            
             8`._.' Y8.            
            d/      `8b.          
          .dP   .     Y8b.        
         d8:'   "   `::88b.        
        d8"           `Y88b      
       :8P     '       :888        
        8a.    :      _a88P        
      ._/"Yaa_ :    .| 88P|        
 jgs  \    YP"      `| 8P  `.      
 a:f  /     \._____.d|    .'      
Question by:neostudio
  • 4
  • 3
LVL 40

Expert Comment

ID: 6899009
Is sshd running on the target system? You can check for it with 'ps -ef | grep sshd | grep -v grep'.

Is there a firewall active on the target system?

Author Comment

ID: 6899525
sshd is running !!
i can connect and it asks for the username,. then the password.
but no password for any user is accepted !!

here is some of the sshd2_config file...

## Authentication
## Hostbased and PAM are not enabled by default.
BannerMessageFile               /etc/issue.net
PasswordGuesses                 3
AllowedAuthentications          hostbased,password,publickey
RequiredAuthentications         publickey,password
#       SshPAMClientPath                ssh-pam-client

LVL 40

Expert Comment

ID: 6899759
Can I see what your sshd_config file looks like?
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  


Author Comment

ID: 6900678

## end of metaconfig
## (leave above lines intact!)
## sshd2_config
## SSH 3.0 Server Configuration File
## General

#       VerboseMode                     no
#       QuietMode                       yes
#       ForcePTTYAllocation             no
#       SyslogFacility                  AUTH
#       SyslogFacility                  LOCAL7

## Network
# Port is not commented out, as it is needed by the example startup
# scripts. Well, the default won't likely change.
Port                            22
ListenAddress                   any
#       RequireReverseMapping           no
#       MaxBroadcastsPerSecond          0
#       MaxBroadcastsPerSecond          1
NoDelay                         yes
KeepAlive                       yes
MaxConnections                  3

## Crypto
#Ciphers                                Blowfish
#       RekeyIntervalSeconds            3600

## User
PrintMotd                       yes
CheckMail                       yes
UserConfigDirectory             "%D/.ssh2"
#       UserKnownHosts                  yes
LoginGraceTime                  60
PermitEmptyPasswords            no
#       StrictModes                     yes
#       IdleTimeOut                     1h

# This variable is set here, because by default it's empty, and so no
# variables can be set. Because of that, we set a few common ones here.

## User public key authentication
#       HostKeyFile                     hostkey
#       PublicHostKeyFile               hostkey.pub
#       RandomSeedFile                  random_seed
#       IdentityFile                    identification
#       AuthorizationFile               authorization
#       AllowAgentForwarding            yes

## Tunneling
#       AllowX11Forwarding              yes
#       AllowTcpForwarding              yes
#       AllowTcpForwardingForUsers      sjl, cowboyneal@slashdot\.org
#       DenyTcpForwardingForUsers       2[[:isdigit:]]*4,peelo
#       AllowTcpForwardingForGroups     priviliged_tcp_forwarders
#       DenyTcpForwardingForGroups      coming_from_outside

## Authentication
## Hostbased and PAM are not enabled by default.
BannerMessageFile               /etc/issue.net
PasswordGuesses                 3
AllowedAuthentications          hostbased,password,publickey
RequiredAuthentications ## Host restrictions
AllowHosts                      localhost
DenyHosts                       yahoo.com hotmail.com microsoft.com

## User restrictions
#       AllowUsers                      sj.*,s[[:isdigit:]]*,s(jl|amza)
#       DenyUsers                       skuuppa,warezdude,31373
#       DenyUsers                       don@untrusted\.org
#       AllowGroups                     staff,users
#       DenyGroups                      guest
PermitRootLogin                 no

## SSH1 compatibility
#       Ssh1Compatibility               <set by configure by default>
#       Sshd1Path                       <set by configure by default>
# This is given as argument to sshd1 with "-f" if sshd2 is invoked
# with "-f"
#       Sshd1ConfigFile                 /etc/sshd_config_alternate

## Chrooted environment
ChRootUsers                     ftpadmin
ChRootGroups                    ftpadmin

## subsystem definitions

# Subsystem's don't have defaults, so this is needed here (uncommented).
        subsystem-sftp                  sftp-server
#       SshPAMClientPath                ssh-pam-client

so what do you see here ?
LVL 40

Accepted Solution

jlevie earned 200 total points
ID: 6900946
First of all I can see that you are using the commercial SSH implementation rather than OpenSSH. I was guessing that to be the case from the earlier reference to 'RequiredAuthentications', but wanted to see the complete config file to be certain. Since the OpenSSH is the standard for Linux is there some specific reason that you are using the commercial version?

By what I see in the config file you've restricted access to the SSH server to localhost on the machine running SSH and two other IP's ( Are you trying the connection from one of those two IP's? What happens if you connect to the localhost IP while logged on the SSH server box. Trying localhost would eliminate any firewalls or routers from the equation. Also is it possible that there's another copy of sshd installed and running?

Obviously this isn't a stock 6.2 system since you are running a 2.4.18 kernel. Such a radical departure from a RedHat distribution tends to make me think that using a binary rpm for SSH, which I assume is what you installed, might be iffy.

Author Comment

ID: 6901113
Hi again jlevie  !!

let me be frank, i already solved the problem, it was the
'RequiredAuthentications' as you suggested, but it was more my error than SSHd it self !!

i was asking for a hostbased certificate while but not comparing to it, which made the server deny any certificate, that was easy .

And for sure :-p
it is not a stock 6.2, i just made the installation long time ago, and it is (i think) the most secure linux ever found, i am patching it daily with the latest pathes and updating it weekly, it is VERY MUCH uptodated version, but i can't run away, it is still called a RH6.2 somewhere .

thank you for your help, please drop me a line at
jlevie.EE.Q.20281866@opilki.com if you will have the time ..


Author Comment

ID: 6901115
Thanks again ...

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month10 days, 22 hours left to enroll

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question