ssh is not allowing individual user to login through passwd authentication

Hi

I have this version of ssh available on our server:
ssh: F-Secure SSH 5.0.3 on powerpc-ibm-aix5.3.0.0
I have created user testttu in the local LPAR. I am unable to log in to this LPAR with this user.

/var/log/messages shows the error message below. Could anybody help, please?

sshd2[716844]: password authentication failed. Connection from <hostname>denied. Authentication as user testttu was attempted.

lsuser testttu
testttu id=206 pgrp=staff groups=staff home=/home/testttu shell=/usr/bin/ksh auditclasses=barclays_audit1 login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=compat logintimes= loginretries=5 pwdwarntime=7 account_locked=false minage=0 maxage=4 maxexpired=-1 minalpha=2 minother=2 mindiff=2 maxrepeats=4 minlen=8 histexpire=52 histsize=12 pwdchecks= dictionlist= fsize=-1 cpu=-1 data=-1 stack=-1 core=-1 rss=-1 nofiles=-1 fsize_hard=-1 cpu_hard=-1 data_hard=-1 stack_hard=-1 core_hard=-1 rss_hard=-1 nofiles_hard=-1 time_last_unsuccessful_login=1272466585 tty_last_unsuccessful_login=ssh host_last_unsuccessful_login=tide2001u unsuccessful_login_count=0 roles=


Below is the ssh_config entry I have on the server:



# $Header: /repos/consol/mandatory/aix/SSHLR2/RCS/node_sshd2_config_template,v 2.4 2005/10/18 13:09:20 root Exp $
#
# sshd default node configuration template for Landscape Release 2
#



AllowAgentForwarding    yes
#Specifies whether agent forwarding is permitted

AllowedAuthentications  password, publickey
#This keyword specifies the authentication methods that are allowed. If RequiredAuthentications is specified, AllowedAuthentications is simply ignored.

AllowedPasswordAuthentications  kerberos,local
#This keyword specifies the different password authentication schemes that are allowed.

#AllowGroups    su_root
#This keyword can be followed by any number of group name patterns, separated by commas.

AllowHosts      NOT SPECIFIED
#This keyword can be followed by any number of host name patterns, separated by commas.

#AllowSHosts    NOT SPECIFIED
#This keyword can be followed by any number of host name patterns, separated by commas.

AllowTcpForwarding      yes
#Specifies whether TCP forwarding is permitted.

AllowTcpForwardingForGroups     NOT SPECIFIED
#The syntax is the same as in AllowGroups, but instead of login, this controls the ability to forward ports, in remote or local forwarding.

AllowTcpForwardingForUsers      NOT SPECIFIED
#Syntax is the same as in AllowUsers, but instead of login, this controls the ability to forward ports, in remote or local forwarding.

#AllowUsers     NOT SPECIFIED
AllowUsers      testttu*
#This keyword can be followed by any number of user name patterns or user@host patterns, separated by commas.

AllowX11Forwarding              yes
#Specifies whether X11 forwarding is permitted.

AuthorizationFile       authorization
#Specifies the name of the user's authorization file.

BannerMessageFile       /etc/ssh2/ssh_banner_message
#Specifies the path to the message that is sent to the client before authentication.

CheckMail       no
#Specifies if sshd should print information whether there is new mail or not when a user logs in interactively.

#ChRootGroups   NOT SPECIFIED
#Specifies whether sshd should give the user who belongs to the defined group a chrooted environment.

#ChRootUsers    NOT SPECIFIED
#Specifies whether sshd should give the user a chrooted environment.

Ciphers aes, 3des
#Specifies the ciphers to use for encrypting the session.

#DenyGroups     NOT SPECIFIED
#This keyword can be followed by any number of group name patterns, separated by commas.

#DenyHosts      NOT SPECIFIED
#This keyword can be followed by any number of host name patterns, separated by commas

#DenySHosts     NOT SPECIFIED
#This keyword can be followed by any number of host name patterns, separated by commas

#DenyTcpForwardingForGroups     NOT SPECIFIED
#The syntax is the same as in DenyGroups, but instead of login, this controls the ability to forward ports, in remote or local forwarding.

#DenyTcpForwardingForUsers      NOT SPECIFIED
#The syntax is the same as in DenyUsers, but instead of login, this controls the ability to forward ports, in remote or local forwarding.

#DenyUsers      NOT SPECIFIED
#This keyword can be followed by any number of user name patterns or user@host patterns, separated by commas.

#DontFork       yes
#VERSION 3.3 ONLY - Controls whether or not the server should fork after starting.

#ForcePTTYAllocation    NOT SPECIFIED
#Force tty allocation, i.e., allocate a tty even if a command is given.

HostbasedAuthForceClientHostnameDNSMatch        no
#If the host name given by the client does not match the one found in DNS, fail host-based authentication.

HostKeyFile     /etc/ssh2/hostkey
#Specifies the file containing the private host key (default /etc/ssh2/hostkey).

#HostSpecificConfig     NOT SPECIFIED
# Specifies a subconfiguration file to be used for listed hosts.

IdleTimeOut     0
#Sets the idle timeout limit to time in seconds (s or nothing after number), in minutes (m), in hours (h), in days (d), or in weeks (w )

IgnoreRhosts    no
#Specifies that the rhosts and shosts files will not be used in "hostbased" authentication (see AllowedAuthentications )

IgnoreRlogin    no
#VERSION 3.3 ONLY - The SSH server's handling of the AIX rlogin flag can now be specified in the server config file by changing the value of the IgnoreRlogin configuration option.

IgnoreRootRhosts        yes
#Specifies that the rhosts and shosts files will not be used in authentication for root.

KeepAlive       yes
#Specifies whether the system should send keepalive messages to the other side.

ListenAddress   xx.xx.xx.xxx
#Specifies the IP address of the interface where the sshd2 server socket is bound.

LoginGraceTime  1200
#The server disconnects after this time if the user has not successfully logged in

MACs    hmac-sha1
#Specifies the MAC (Message Authentication Code) algorithm to use for data integrity verification.

MaxBroadcastsPerSecond  0
#Specifies how many UDP broadcasts server handles per second.

MaxConnections  0
#Specifies the maximum number of connections sshd2 will handle simultaneously.

NoDelay no
#If "yes", enable socket option TCP_NODELAY.

PasswordGuesses 3
#Specifies the number of tries that the user has when using password authentication

PermitEmptyPasswords    no
#When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings.

PermitRootLogin nopwd
#Specifies whether the root can log in using ssh2.

Port    22
#Specifies the port number that sshd2 listens on.

PrintMotd       yes
#Specifies whether sshd2 should print /etc/motd when a user logs in interactively.

PublicHostKeyFile       /etc/ssh2/hostkey.pub
#Specifies the file containing the public host key (default /etc/ssh2/hostkey.pub).

QuietMode       no
#Specifies whether the system runs in quiet mode. In quiet mode, nothing is logged in the system log, except fatal errors.

#RadiusKey      NOT SPECIFIED
#Specifies the shared secret used between ssh and RADIUS servers.

#RadiusServer   NOT SPECIFIED
#Specifies the RADIUS server address.

#RandomSeedFile NOT SPECIFIED
#Specifies the name of the random seed file.

#RekeyIntervalSeconds   NOT SPECIFIED
#Specifies the interval in seconds at which the key exchange will be done again.

RequiredAuthentications password
#Related to AllowedAuthentications, this is used to specify what authentication methods the users must complete before continuing

RequireReverseMapping   no
#This is used to check whether hostname DNS lookup must succeed when checking whether connections from host are allowed using AllowHosts and DenyHosts.

#SettableEnvironmentVars        NOT SPECIFIED
#This keyword can be followed by any number of patterns, separated by commas.

Ssh1Compatibility       no
#Specifies whether to use SSH1 compatibility code.

#Sshd1ConfigFile        NOT SPECIFIED
#Specifies alternate config file to specify for sshd1, when it is executed by sshd2 in compatibility mode.

#Sshd1Path      NOT SPECIFIED
#Specifies the path to sshd1 daemon which will be executed if the client supports only SSH 1.x protocols.

#SshPAMClientPath       NOT SPECIFIED
#Specifies the path to ssh-pam-client, which is used as a helper application to converse with the PAM modules by sshd2.

StrictModes     no
#Specifies whether sshd2 should check file modes and ownership of the user's home directory and rhosts files before accepting login.

subsystem-sftp  /usr/bin/sftp-server2
#subsystem-sftp  internal://sftp-server
#Sftp uses a subsystem of sshd2 to transfer files securely. In order to use the sftp server, you must have the following subsystem definition:

SyslogFacility  AUTH
#Gives the facility code that is used when logging messages from sshd2.

UserConfigDirectory     %D/.ssh2
#Specifies where user-specific configuration data should be fetched from.

UserKnownHosts  yes
#Specifies whether the user's $HOME/.ssh2/knownhosts/ directory can be used to fetch host public keys when using "hostbased" authentication.

UserSpecificConfig      root /etc/ssh2/root_subconfig
# Specifies a subconfiguration file to be used for listed users.

#VerboseMode    NOT SPECIFIED
#Verbose mode. Causes sshd2 to print debugging messages about its progress.




rammaghenthar Asked:

woolmilkporc Commented:
1)
AllowHosts      NOT SPECIFIED
needs to be commented out, else only hosts "NOT" and "SPECIFIED" are allowed.

2)  Do you use tcp wrappers? If yes, what's in /etc/host.allow resp. /etc/host.deny?

wmp
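The check described in point 1 of the answer above, as an added example that is not part of the original thread: it lists active (uncommented) keywords in an sshd2_config whose value is still the template placeholder NOT SPECIFIED. The function names, the LOGIN/OTHER labels and the sample input (built from lines of the posted configuration) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find active sshd2_config keywords that still carry the
# template placeholder "NOT SPECIFIED" as their value.

# find_placeholders [FILE]
# Reads FILE (or stdin) and prints "line:keyword:class" for each hit.
# class is LOGIN for the Allow*/Deny* keywords that gate who may log in
# (hosts, shosts, users, groups), where, by the answer's reasoning, the
# words NOT and SPECIFIED would be read as name patterns; OTHER otherwise.
find_placeholders() {
    awk '
        /^[ \t]*#/ { next }     # commented-out keyword or description line
        NF != 3    { next }     # placeholder form is: keyword NOT SPECIFIED
        toupper($2) != "NOT" || toupper($3) != "SPECIFIED" { next }
        {
            class = "OTHER"
            if ($1 ~ /^(Allow|Deny)(S?Hosts|Users|Groups)$/) class = "LOGIN"
            printf "%d:%s:%s\n", NR, $1, class
        }
    ' "$@"
}

# Constructed sample input, using lines from the configuration in the question.
sample_config() {
    cat <<'EOF'
AllowedAuthentications  password, publickey
AllowHosts      NOT SPECIFIED
#AllowSHosts    NOT SPECIFIED
AllowTcpForwardingForGroups     NOT SPECIFIED
#AllowUsers     NOT SPECIFIED
AllowUsers      testttu*
EOF
}

# Stand-alone run over the sample; on a server, pass the real config file
# as the argument instead (its path is not given in the thread).
sample_config | find_placeholders
```

Every line reported as LOGIN should be commented out or given real patterns before sshd2 is restarted.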
rammaghenthar (Author) Commented:
We have reconfigured ssh, then it went fine.