Create a new SSH user but can't login ("Permission denied")

I created a new SSH user (useradd mynewuser), however, when I try to connect remotely, I receive a permission denied error.

I searched EE and found this article, which looks like a similar problem, but I don't understand the solution:

http://www.experts-exchange.com/OS/Linux/Administration/Q_21613008.html?sfQueryTermInfo=1+creat+ssh+user

This is from my SSH configuration file (/etc/ssh/sshd_config):

   # Authentication:
   PermitRootLogin yes
   #StrictModes yes
   MaxAuthTries 3

Here is my user ID info:

   uid=514(mynewuser) gid=515(mynewuser) groups=515(mynewuser)

Any ideas?
bearclaws75 Asked:
 
Jan Springer Commented:
If you have console access and will not hinder other remote port 22 connections, stop sshd and:

    sshd -D

If you have to maintain the existing port 22 in daemon mode, copy the sshd_config to sshd_24_config, change the port to 24 in the alternate config and:

    sshd -p 24 -D -f /path/to/alternate/sshd_24_config

Have the client connect using port 24.

Things to check:

1) are you requiring forward and inverse DNS and the client does not have matching data
2) do you have an 'AllowUsers' in sshd_config that restricts by username
3) do you have 'PasswordAuthentication yes' in your sshd_config
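The `AllowUsers` and `PasswordAuthentication` checks from the answer above, written out as a shell script. This is an added example, not part of the original thread; the function names and the sample config are constructed, and `Match` blocks, `Include`, `!` negation and the host part of `user@host` patterns are not evaluated.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Not evaluated: Match blocks, Include, "!" negation, user@host host parts.

# first_value FILE KEYWORD: sshd keeps the first value it reads for a
# single-valued keyword, and keywords are case-insensitive.
first_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# allowusers_permits FILE USER: returns 0 if USER passes the AllowUsers filter.
# Once any AllowUsers line exists, only users matching a pattern may log in.
allowusers_permits() {
    patterns=$(awk 'tolower($1) == "allowusers" {
                        for (i = 2; i <= NF; i++) print $i }' "$1")
    if [ -z "$patterns" ]; then return 0; fi   # no filter configured
    while IFS= read -r p; do
        p=${p%%@*}                 # keep the user part of user@host
        case "$2" in
            $p) return 0 ;;        # unquoted: * and ? act as wildcards
        esac
    done <<EOF
$patterns
EOF
    return 1
}

# report_user FILE USER: one-line summary for a user.
report_user() {
    if allowusers_permits "$1" "$2"; then verdict="passes AllowUsers"
    else verdict="blocked by AllowUsers"; fi
    pa=$(first_value "$1" PasswordAuthentication)
    echo "$2: $verdict, PasswordAuthentication=${pa:-yes}"   # yes is the default
}

# Constructed sample config modelled on the settings quoted in the question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
MaxAuthTries 3
#AllowUsers nobody
AllowUsers root deploy*
PasswordAuthentication yes
EOF
report_user "$sample" root
report_user "$sample" mynewuser
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration and covers the cases this parser skips.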
 
ry_berk Commented:
I think the article is saying to change it to: PermitRootLogin no
Then change the uid and gid from 514 and 515 to something else. (I believe they are root IDs.)

Give it a shot.

Also check to make sure you are entering the information in correctly every time.
 
medvedd Commented:
What about PasswordAuthentication in sshd_config? If it's set to No, change it to Yes and restart sshd
 
bearclaws75 (Author) Commented:

ry_berk --> Isn't "0" the root UID/GID?

medvedd --> PasswordAuthentication is set to "yes". Here are some additional settings from the file.

   # To disable tunneled clear text passwords, change to no here!
   #PermitEmptyPasswords no
   PasswordAuthentication yes

   # Change to no to disable s/key passwords
   #ChallengeResponseAuthentication yes
   ChallengeResponseAuthentication no

   # Kerberos options
   #KerberosAuthentication no
   #KerberosOrLocalPasswd yes
   #KerberosTicketCleanup yes
   #KerberosGetAFSToken no

   # GSSAPI options
   #GSSAPIAuthentication no
   GSSAPIAuthentication yes
   #GSSAPICleanupCredentials yes
   GSSAPICleanupCredentials yes
 
tty2 Commented:
Can the user log in locally? Check the user's shell and homedir in /etc/passwd.
Set

   UsePAM yes

in /etc/ssh/sshd_config
 
bearclaws75 (Author) Commented:
jesper --> I did NOT have the new user in the AllowUsers list.

I added the new user and am now able to connect (i.e. no more permission denied message)...but the connection immediately closes. Here is the message I get:

   Last login: Fri Apr 16 11:08:42 2010 from c-98-214-241-123.hsd1.il.comcast.net
   usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
              [-D [bind_address:]port] [-e escape_char] [-F configfile]
              [-i identity_file] [-L [bind_address:]port:host:hostport]
              [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
              [-R [bind_address:]port:host:hostport] [-S ctl_path]
              [-w local_tun[:remote_tun]] [user@]hostname [command]
   Connection to 12.345.678.172 closed.
   #

I tested my login as "root" and have no problems.

I've added my sshd_config file here (as .txt) for reference.

sshd-config.txt
 
medvedd Commented:
Can you show the content of your /etc/pam.d/sshd file?
 
Jan Springer Commented:
In sshd_config, uncomment:

   SyslogFacility AUTH

And what is the shell for this account?  It sounds like a valid auth but no valid shell.

If your pam sshd isn't configured correctly, you can immediately find out by changing 'UsePAM to no' in your sshd_config.
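The login-shell check raised in the comments above ("valid auth but no valid shell"), as an added example that is not part of the original thread. The function name and the passwd entries are constructed; UID 514 and GID 515 come from the question.

```sh
#!/bin/sh
# Added example, not from the thread. The function name is hypothetical.

# shell_status PASSWD_FILE USER prints one of:
#   no-such-user | no-login:<path> | missing:<path> |
#   not-executable:<path> | ok:<path>
shell_status() {
    entry=$(awk -F: -v u="$2" '$1 == u { print; exit }' "$1")
    if [ -z "$entry" ]; then echo "no-such-user"; return; fi
    shell=${entry##*:}                  # the shell is the 7th and last field
    [ -n "$shell" ] || shell=/bin/sh    # an empty field means /bin/sh
    case "${shell##*/}" in
        nologin|false) echo "no-login:$shell"; return ;;
    esac
    if [ ! -e "$shell" ]; then echo "missing:$shell"
    elif [ ! -x "$shell" ]; then echo "not-executable:$shell"
    else echo "ok:$shell"; fi
}

# Constructed passwd entries; run against /etc/passwd on a real host.
demo=$(mktemp)
cat > "$demo" <<'EOF'
mynewuser:x:514:515::/home/mynewuser:/bin/sh
svc:x:600:600::/var/empty:/sbin/nologin
EOF
shell_status "$demo" mynewuser
shell_status "$demo" svc
rm -f "$demo"
```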
 
bearclaws75 (Author) Commented:
This is the content of /etc/pam.d/sshd...

   #%PAM-1.0
   auth       include      system-auth
   account    required     pam_nologin.so
   account    include      system-auth
   password   include      system-auth
   session    optional     pam_keyinit.so force revoke
   session    include      system-auth
   session    required     pam_loginuid.so
 
bearclaws75 (Author) Commented:
jesper --> good point RE: shell access. I think the user configuration got messed up during my testing.

I deleted and re-added the user and can now access SSH successfully :)

It looks like this was the primary problem: I simply needed to add the user to the AllowUsers list.

Thanks!