Solved

SSH login error

Posted on 2002-03-26
7
591 Views
Last Modified: 2012-06-27
Hi,
i have a SSH error, here is some onfo.....

RH6.2
Kernel 2.4.18
SSH 3.1.0
==============
All users trying to login through port 22 (aka, ssh) get the
ssh: FATAL: Access Denied.

and this answer comes very very fast, so i think the SSHD2 does not even try to check the password..

any ideas ??


              a8888b.            
             d888888b.            
             8P"YP"Y88            
             8|o||o|88            
             8'    .88            
             8`._.' Y8.            
            d/      `8b.          
          .dP   .     Y8b.        
         d8:'   "   `::88b.        
        d8"           `Y88b      
       :8P     '       :888        
        8a.    :      _a88P        
      ._/"Yaa_ :    .| 88P|        
 jgs  \    YP"      `| 8P  `.      
 a:f  /     \._____.d|    .'      
      `--..__)888888P`._.'        
0
Comment
Question by:neostudio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6899009
Is sshd running on the target system? You can check for it with 'ps -ef | grep sshd | grep -v grep'.

Is there a firewall active on the target system?
0
 
LVL 3

Author Comment

by:neostudio
ID: 6899525
sshd is running !!
i can connect and it asks for the username,. then the password.
but no password for any user is accepted !!


here is some of the sshd2_config file...


## Authentication
## Hostbased and PAM are not enabled by default.
BannerMessageFile               /etc/issue.net
PasswordGuesses                 3
AllowedAuthentications          hostbased,password,publickey
RequiredAuthentications         publickey,password
#       SshPAMClientPath                ssh-pam-client




</Ruslan>
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6899759
Can I see what your sshd_config file looks like?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 3

Author Comment

by:neostudio
ID: 6900678
Ok.........

## SSH CONFIGURATION FILE FORMAT VERSION 1.1
## REGEX-SYNTAX egrep
## end of metaconfig
## (leave above lines intact!)
## sshd2_config
## SSH 3.0 Server Configuration File
## General

#       VerboseMode                     no
#       QuietMode                       yes
#       ForcePTTYAllocation             no
#       SyslogFacility                  AUTH
#       SyslogFacility                  LOCAL7

## Network
# Port is not commented out, as it is needed by the example startup
# scripts. Well, the default won't likely change.
Port                            22
ListenAddress                   any
#       RequireReverseMapping           no
#       MaxBroadcastsPerSecond          0
#       MaxBroadcastsPerSecond          1
NoDelay                         yes
KeepAlive                       yes
MaxConnections                  3




## Crypto
#Ciphers                                Blowfish
#AnyCipher
#       RekeyIntervalSeconds            3600




## User
PrintMotd                       yes
CheckMail                       yes
UserConfigDirectory             "%D/.ssh2"
#       UserKnownHosts                  yes
LoginGraceTime                  60
PermitEmptyPasswords            no
#       StrictModes                     yes
#       IdleTimeOut                     1h

# This variable is set here, because by default it's empty, and so no
# variables can be set. Because of that, we set a few common ones here.
        SettableEnvironmentVars         LANG,LC_(ALL|COLLATE|CTYPE|MONETARY|NUMERIC|TIME),PATH,TERM,TZ



## User public key authentication
#       HostKeyFile                     hostkey
#       PublicHostKeyFile               hostkey.pub
#       RandomSeedFile                  random_seed
#       IdentityFile                    identification
#       AuthorizationFile               authorization
#       AllowAgentForwarding            yes


## Tunneling
#       AllowX11Forwarding              yes
#       AllowTcpForwarding              yes
#       AllowTcpForwardingForUsers      sjl, cowboyneal@slashdot\.org
#       DenyTcpForwardingForUsers       2[[:isdigit:]]*4,peelo
#       AllowTcpForwardingForGroups     priviliged_tcp_forwarders
#       DenyTcpForwardingForGroups      coming_from_outside


## Authentication
## Hostbased and PAM are not enabled by default.
BannerMessageFile               /etc/issue.net
PasswordGuesses                 3
AllowedAuthentications          hostbased,password,publickey
RequiredAuthentications ## Host restrictions
AllowHosts                      localhost 192.168.0.14 192.168.0.50
DenyHosts                       yahoo.com hotmail.com microsoft.com

## User restrictions
#       AllowUsers                      sj.*,s[[:isdigit:]]*,s(jl|amza)
#       DenyUsers                       skuuppa,warezdude,31373
#       DenyUsers                       don@untrusted\.org
#       AllowGroups                     staff,users
#       DenyGroups                      guest
PermitRootLogin                 no

## SSH1 compatibility
#       Ssh1Compatibility               <set by configure by default>
#       Sshd1Path                       <set by configure by default>
#
# This is given as argument to sshd1 with "-f" if sshd2 is invoked
# with "-f"
#       Sshd1ConfigFile                 /etc/sshd_config_alternate

## Chrooted environment
ChRootUsers                     ftpadmin
ChRootGroups                    ftpadmin


## subsystem definitions

# Subsystem's don't have defaults, so this is needed here (uncommented).
        subsystem-sftp                  sftp-server
        publickey,password
#       SshPAMClientPath                ssh-pam-client



so what do you see here ?
0
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 6900946
First of all I can see that you are using the commercial SSH implementation rather than OpenSSH. I was guessing that to be the case from the earlier reference to 'RequiredAuthentications', but wanted to see the complete config file to be certain. Since the OpenSSH is the standard for Linux is there some specific reason that you are using the commercial version?

By what I see in the config file you've restricted access to the SSH server to localhost on the machine running SSH and two other IP's (192.168.0.14 192.168.0.50). Are you trying the connection from one of those two IP's? What happens if you connect to the localhost IP while logged on the SSH server box. Trying localhost would eliminate any firewalls or routers from the equation. Also is it possible that there's another copy of sshd installed and running?

Obviously this isn't a stock 6.2 system since you are running a 2.4.18 kernel. Such a radical departure from a RedHat distribution tends to make me think that using a binary rpm for SSH, which I assume is what you installed, might be iffy.
0
 
LVL 3

Author Comment

by:neostudio
ID: 6901113
Hi again jlevie  !!

let me be frank, i already solved the problem, it was the
'RequiredAuthentications' as you suggested, but it was more my error than SSHd it self !!

i was asking for a hostbased certificate while but not comparing to it, which made the server deny any certificate, that was easy .

And for sure :-p
it is not a stock 6.2, i just made the installation long time ago, and it is (i think) the most secure linux ever found, i am patching it daily with the latest pathes and updating it weekly, it is VERY MUCH uptodated version, but i can't run away, it is still called a RH6.2 somewhere .

anyway,
thank you for your help, please drop me a line at
jlevie.EE.Q.20281866@opilki.com if you will have the time ..

regards,
</Ruslan>
0
 
LVL 3

Author Comment

by:neostudio
ID: 6901115
Thanks again ...
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question