Dave Henderson
asked on
RHEL6 Remote User cannot log in via SSH
I have four RHEL6.4 vmware servers that perform specific backup duties and nothing else.
Users need to log in to the server remotely via SSH as the servers are located on physical hardware in a geographically diverse area.
I can log in remotely using the root account with no issue. When I try and log in using a normal user account (to then sudo to root) I cannot get access. I get an 'incorrect password' prompt. Even if I then log back in as root and change the specific username password, it still doesn't work when I try the user account again.
I have researched the problem across the Internet but many of the sites that may have the answer are blocked by company policy.
These accounts used to work with no problem, so something has changed but I need a few pointers please folks.
Cheers
Users need to log in to the server remotely via SSH as the servers are located on physical hardware in a geographically diverse area.
I can log in remotely using the root account with no issue. When I try and log in using a normal user account (to then sudo to root) I cannot get access. I get an 'incorrect password' prompt. Even if I then log back in as root and change the specific username password, it still doesn't work when I try the user account again.
I have researched the problem across the Internet but many of the sites that may have the answer are blocked by company policy.
These accounts used to work with no problem, so something has changed but I need a few pointers please folks.
Cheers
ASKER
Checked /var/log/secure and got this output
[Edited]
Nov 19 10:12:26 nbs003 sshd[7545]: Failed password for rja from 10.*.*.* port 65183 ssh2
Nov 19 10:12:35 nbs003 sshd[7545]: pam_tally2(sshd:auth): user rja (40138) tally 51, deny 3
Nov 19 10:12:37 nbs003 sshd[7545]: Failed password for rja from 10.*.*.* port 65183 ssh2
Nov 19 10:12:42 nbs003 sshd[7545]: pam_tally2(sshd:auth): user rja (40138) tally 52, deny 3
Nov 19 10:12:44 nbs003 sshd[7545]: Failed password for rja from 10.*.*.* port 65183 ssh2
So then I log onto the target server as root, successfully change the password for rja and try again...
Nov 19 10:22:14 nbs003 passwd[7643]: pam_unix(passwd:chauthtok) : password changed for rja
Nov 19 10:22:36 nbs003 sshd[7647]: pam_tally2(sshd:auth): user rja (40138) tally 54, deny 3
Nov 19 10:22:38 nbs003 sshd[7647]: Failed password for rja from 10.*.*.* port 50232 ssh2
I am using SecureCRT as the client which has a pre-configured SSH connection (no script) so trying to figure out verbose logging on that end also....
Cheers
[Edited]
Nov 19 10:12:26 nbs003 sshd[7545]: Failed password for rja from 10.*.*.* port 65183 ssh2
Nov 19 10:12:35 nbs003 sshd[7545]: pam_tally2(sshd:auth): user rja (40138) tally 51, deny 3
Nov 19 10:12:37 nbs003 sshd[7545]: Failed password for rja from 10.*.*.* port 65183 ssh2
Nov 19 10:12:42 nbs003 sshd[7545]: pam_tally2(sshd:auth): user rja (40138) tally 52, deny 3
Nov 19 10:12:44 nbs003 sshd[7545]: Failed password for rja from 10.*.*.* port 65183 ssh2
So then I log onto the target server as root, successfully change the password for rja and try again...
Nov 19 10:22:14 nbs003 passwd[7643]: pam_unix(passwd:chauthtok)
Nov 19 10:22:36 nbs003 sshd[7647]: pam_tally2(sshd:auth): user rja (40138) tally 54, deny 3
Nov 19 10:22:38 nbs003 sshd[7647]: Failed password for rja from 10.*.*.* port 50232 ssh2
I am using SecureCRT as the client which has a pre-configured SSH connection (no script) so trying to figure out verbose logging on that end also....
Cheers
ASKER
I also checked the sshd_config file on all four servers and there were some discrepancies.
Two had the following;
# Change to no to disable s/key passwords
#ChallengeResponseAuthenti cation yes
ChallengeResponseAuthentic ation no
And two had;
# Change to no to disable s/key passwords
#ChallengeResponseAuthenti cation yes
#ChallengeResponseAuthenti cation no
ChallengeResponseAuthentic ation yes
After straightening these all out to be the latter with "ChallengeResponseAuthenti cation yes"... it still doesn't allow standard users to log in, only root.
Two had the following;
# Change to no to disable s/key passwords
#ChallengeResponseAuthenti
ChallengeResponseAuthentic
And two had;
# Change to no to disable s/key passwords
#ChallengeResponseAuthenti
#ChallengeResponseAuthenti
ChallengeResponseAuthentic
After straightening these all out to be the latter with "ChallengeResponseAuthenti
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Further research into core of problem revealed condition
$ ssh -v user@hostname
or
$ ssh -vv user@hostname
(multiple v's)
It will spit a bunch of info, then ask for the password. Try to login, and it should give a verbose explanation of the failure.
Also, on the server, you can check /var/log/secure to see the failures and see if there is any info as to why in there.
One of these should give you the info you need to solve the problem.
If you cannot figure it out, post the information you receive from those options here
My educated guess is that it has to do with SELinux being active on the server with incorrect settings, or an improperly configured /etc/ssh/sshd_config on the server