Solved

cannot login via SSH after allowing the user

Posted on 2010-11-09
Last Modified: 2012-05-10
I have created a new user in Ubuntu server. I have added it to the same groups as the root login user. I have also edited the sshd config file to AllowUsers newuser. I have restarted ssh but I still cannot login via this particular user.

What am I doing wrong?

Many Thanks in advance
Question by:bilbazafa
31 Comments
 
LVL 4

Expert Comment

by:Antyrael
ID: 34092548
Does this user have the group ID 0 (root)?
Then you probably disallowed ssh root logon in your sshd_config file (which is actually a good thing).
0
 

Author Comment

by:bilbazafa
ID: 34092606
I'm new to Linux so you'll have to bear with me...

I'm not quite sure about the group ID you're asking me but it does say in the sshd file PermitRootLogin yes

Thanks
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 34092657
Did you set a password for this new user? Can he/she login locally?
PermitRootLogin is yes so that's not holding it back.
0
 

Author Comment

by:bilbazafa
ID: 34092672
Yes Antyrael I have set the password for the user and no they cannot login locally either.

Thanks
0
 
LVL 4

Accepted Solution

by:
Antyrael earned 250 total points
ID: 34092700
It looks like the user doesn't have a shell assigned, try this command:
usermod -s /bin/bash accountname
Replace accountname with the actual account name.
0
 

Author Comment

by:bilbazafa
ID: 34092709
What I did is created a new user with a password. I then had a look at the groups the root user was on, then just added the newuser to those groups also.

Have I missed something?
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 34092745
I'm not very familiar with any graphical interfaces on Ubuntu (or any other Linux for that matter).
The earlier usermod command I mentioned needs to be run as root by the way.

You could also check the /var/log/messages log for errors with that account.
0
 

Author Comment

by:bilbazafa
ID: 34092905
I have done the 'sudo usermod -s /bin/bash accountname' command and it says 'usermod: no change'

I did all of the changes via ssh locally, as there is no gui in Ubuntu server from what I know of.

How would I check the log file?

Thanks
0
 

Author Comment

by:bilbazafa
ID: 34092916
I've just gone into the messages via nano and there are only 4 lines of text; each has nothing to do with what we are talking about.
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 34092968
It returned "no change" because the account already had /bin/bash set as command environment.
You can check the logfile with a few commands:
1) less /var/log/messages
2) tail /var/log/messages
3) grep username /var/log/messages

1: this way you can use the arrow keys, Page Down and Page Up to scroll through the entire log file.
2: this command will output the last 10 lines of the log file; use tail -n20 to show 20 lines, etc.
3: grep will search the file /var/log/messages for the string "username" and output the lines containing it.

You can also use tail -f /var/log/messages to follow the log file as it receives additional info (hit CTRL-C to exit).
0
 
LVL 78

Expert Comment

by:arnold
ID: 34093012
grep accountname /etc/passwd
grep accountname /etc/shadow

Check to make sure that the entry in /etc/shadow has a password
accountname:$1$dsfdsfsdfdsfdssf:
versus
accountname:!!:

0
 

Author Comment

by:bilbazafa
ID: 34093055
After you have done the grep command what do I then do??? As it does not open anything?
0
 

Author Comment

by:bilbazafa
ID: 34093269
Answer to Arnold: the shadow accountname does have a password against it as far as I can see
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 34093286
It should show you at least 1 line per command, like this:
~@host# grep accountname /etc/passwd
accountname:x:501:501:accountname,,,:/home/accountname:/bin/bash

~@host# grep accountname /etc/shadow
accountname:randomcharacters:number:0:0::::

Values are fictional in above examples.

If you get no output from these commands (the 2nd will automatically show nothing if the 1st shows nothing), then the account with accountname does not exist.
0
 

Author Comment

by:bilbazafa
ID: 34093385
Arnold they do look like you have in your examples, so all looks right there
0
 

Author Comment

by:bilbazafa
ID: 34093426
If I do this command Antyrael 'grep username /var/log/messages' It appears to do nothing. Do I need to do something else to see the results?
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 34093449
No, if you get no output with that command, it simply means the string "username" is not found in the file.

Can you show us the output of the command "grep username /etc/passwd" (without the quotes, replace username with the actual account)?
Please feel free to mask the actual username and description.
0
 

Author Comment

by:bilbazafa
ID: 34093513
It says:-

user:x:1001:33::/home/user:/bin/bash
0
 

Author Comment

by:bilbazafa
ID: 34093683
Would it be worth deleting the user then you telling me how you would create a new admin user that has all the privileges of the root user and is able to login locally via ssh?
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 34093768
Well, I don't make a habit of creating a user account that has root privileges, because that would imply the user having ID 0 and GID 0, just like the root account and that is a huge security risk.
If you want to delegate administrative tasks to someone else, I would advise adding the user to the sudoers file.
You do this with the following command: sudoedit /etc/sudoers
Simply add a line similar to this:
username ALL=(ALL) ALL

If you look at the file and see a line "%admin ALL=(ALL) ALL", you can also add the user account to the admin group.
sudo usermod -a -G admin username
0
 

Author Comment

by:bilbazafa
ID: 34093799
OK thanks I'll give it a go. So should I delete this user and then start again from scratch?
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 34093812
Maybe that would be a good idea, since you've already been changing group memberships.
A fresh start might just be what this needs.
0
 

Author Comment

by:bilbazafa
ID: 34093899
If I run the delete user command will it delete the home folder and all permissions I assigned to it, groups etc?
0
 

Author Comment

by:bilbazafa
ID: 34093903
As in remove all trace of the user?
0
 

Author Comment

by:bilbazafa
ID: 34094068
Just deleted the user and his home directory. Created the user again granted him access to admin as I did before. But he still cannot log in via ssh locally????
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 34094070
No, you have to manually delete the /home/username folder.
For the rest, it's all gone.
0
 

Author Comment

by:bilbazafa
ID: 34094092
There has to be something missing, as in I need to add the user to something specific to allow him to login to ssh!!
0
 
LVL 4

Assisted Solution

by:Antyrael
Antyrael earned 250 total points
ID: 34094167
I think your first priority would be to make sure the user can actually login on the console locally, not through ssh.
If the user can't even login locally, on the console, ssh will never work.

This is how I would add a user:
sudo useradd tester
sudo usermod -G admin tester
sudo passwd tester

This way, a new user is able to login through ssh.
0
 
LVL 78

Expert Comment

by:arnold
ID: 34094602
You do not need to add to a specific group to have the user have ssh rights.
The only thing that controls whether the user can login on ssh or locally is the shell.
If the shell you set is valid, i.e. not /bin/false etc., then provided the user provides the correct username/password combination, the session will be allowed.
Check /var/log/secure to see whether ssh logged anything there.
There is no need to add the rule to sshd_config as you have.

If you while logged in in a terminal window run
exec login and then try to login with the username/password, what happens?

If this fails, can you double check that you have/use the correct password?
sudo bash
passwd accountname
newpassword
newpassword

and now try again.
0
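The account checks suggested across this thread (login shell in /etc/passwd, password field in /etc/shadow, AllowUsers in sshd_config) can be run in one pass. The script below is an added example, not code from any poster; the function names and all sample data are constructed, and AllowUsers matching covers plain user names only (no user@host or wildcard patterns).

```shell
#!/bin/sh
# Added example: triage why an account cannot log in, using the checks from this thread.

# Constructed sample data (not taken from a real system).
PASSWD='alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/usr/sbin/nologin
carol:x:1003:1003::/home/carol:/bin/bash'
SHADOW='alice:$6$constructedsalt$constructedhash:14922:0:99999:7:::
bob:!:14922:0:99999:7:::
carol:!$6$constructedsalt$constructedhash:14922:0:99999:7:::'
SSHD='PermitRootLogin yes
AllowUsers alice bob'

# login_shell PASSWD_LINE -> 7th field of the passwd entry
login_shell() { printf '%s\n' "$1" | cut -d: -f7; }

# password_state SHADOW_LINE -> usable | locked | empty
password_state() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;   # "!", "!!", "*" or a hash prefixed with "!"
        *)         echo usable ;;
    esac
}

# sshd_allows USER CONFIG_TEXT -> fails only if AllowUsers exists and omits USER
sshd_allows() {
    printf '%s\n' "$2" | awk -v u="$1" '
        tolower($1) == "allowusers" { seen = 1; for (i = 2; i <= NF; i++) if ($i == u) ok = 1 }
        END { if (seen && !ok) exit 1 }'
}

# diagnose USER PASSWD_TEXT SHADOW_TEXT SSHD_CONFIG_TEXT -> "ok" or a list of findings
diagnose() {
    pw=$(printf '%s\n' "$2" | grep "^$1:") || { echo "no-account"; return; }
    sh_line=$(printf '%s\n' "$3" | grep "^$1:") || true
    out=""
    case "$(login_shell "$pw")" in
        */nologin|*/false) out="$out bad-shell" ;;
    esac
    state=$(password_state "$sh_line")
    [ "$state" = usable ] || out="$out password-$state"
    sshd_allows "$1" "$4" || out="$out not-in-AllowUsers"
    out=${out:- ok}
    echo "${out# }"
}

for u in alice bob carol dave; do
    printf '%s: %s\n' "$u" "$(diagnose "$u" "$PASSWD" "$SHADOW" "$SSHD")"
done
```

On a live host, feed it `getent passwd`, `sudo cat /etc/shadow` and the contents of /etc/ssh/sshd_config instead of the sample variables. On Ubuntu, sshd and login record authentication failures in /var/log/auth.log.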
 
LVL 16

Expert Comment

by:gelonida
ID: 34100214
I would suggest the following steps:

1.) check, that your new user can login on the console
if it can't you know where your problem is.

2.) try to ssh from localhost
ssh mynewuser@localhost

if this doesn't succeed, try to run the ssh command with the -v option.
ssh -v mynewuser@localhost
and send us the output.


If it works try to ssh from another host (with option -v) and send us the output
0
 

Author Closing Comment

by:bilbazafa
ID: 34103522
Thanks for your help, it was down to a few things I'd done incorrectly but the above answers you gave Antyrael were 2 of them. Many Thanks to you and everybody that helped. I'm jotting all of the above down as I am new to Linux and it's for future reference.
0
