[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [rhelv6-list] SSHD root login



Going back to the original post, that message looks like a PAM
configuration error.

In your sshd_config, you have PAM enabled. One portion of your PAM stack
could be failing, reponds with "Authentication failed" and PAM proceeds
to the next plugin which prompts for a password.

I'm not sure if ssh still tries to handle authentication if UsePAM is
set to "yes" it could be that ssh's own authentication fails and then
falls back to PAM, or vice versa check the ssh man pages for the UsePAM
configuration option. There should be an explanation there.

So far, I haven't seen any log messages in this discussion. Do you see
any related error messages in /var/log/messages or /var/log/secure?
Also, what happens when you use the -v option to ssh when connecting?
That will show what authentication methods it's trying, and why they are
failing:

ssh -v remotehost.example.com

or for more verbosity:

ssh -vv remotehost

or

ssh -vvv remotehost

--
Prentice


On 10/25/2011 05:52 AM, Mezei Zoltan wrote:
> Hi,
>
> I don't know if you have the same problem but this message showed up
> in putty for me after a putty version change. The reason was that
> putty tried to use GSSAPI authentication by default. You can find more
> details at this URL:
>
> http://superuser.com/questions/312197/putty-0-61-why-do-i-see-access-denied-message-after-i-enter-my-login-id
>
> Hope that helps.
>
> On Tue, Oct 25, 2011 at 03:48, Alejandra Ramirez
> <alejandra palacios mail telcel com> wrote:
>> I believe Krzysztof doesn't have problem with the root login, he wanted only
>> remark that although the system permit the root login, it says "access
>> denied".
>>
>> Any way, I have some RHELv6.1 linux systems with the root access permited
>> but I don't obtain the Krzysztof  message.
>>
>> Best regards,
>> --
>> Alejandra Ramírez
>>
>> El 24/10/11 14:51, Grzegorz Witkowski escribió:
>>
>> Hi Krzysztof,
>> The default is "PermitRootLogin yes" as per man page. It is confusing a
>> little bit though in my opinion as it is commented out in a default
>> sshd_config file. That means you need to specifically set it to "no" and
>> restart sshd if you want to disallow root access.
>> I logged in as root with no problem to my fresh RHEL6.1. After adding
>> PermitRootLogin no and restarting sshd it happily returns Permission denied,
>> please try again. :)
>> Regards,
>> Ges
>> On Mon, Oct 24, 2011 at 3:42 PM, Krzysztof Mazurek <kmazurek neotek waw pl>
>> wrote:
>>> Welcome,
>>>
>>> on RHEL 6.1 and 6.2 beta I can see quite funny thing ...
>>>
>>> ssh root machine_IP
>>> ....
>>>
>>> login as: root
>>> Access denied
>>> root machine_IP's password:
>>>
>>>
>>> First is displayed "Access denied" and then suddenly password prompt
>>> appears ... and you can login without any problem ;)
>>> Is it just in my case?
>>>
>>> In sshd_config file I have:
>>> [....]
>>> # Authentication:
>>>
>>> #LoginGraceTime 2m
>>> #PermitRootLogin yes
>>> #StrictModes yes
>>> #MaxAuthTries 6
>>> #MaxSessions 10
>>> [,...]
>>> UsePAM yes
>>> [...]
>>>
>>> Krzysztof Mazurk
>>>
>>>
>>>
>>> _______________________________________________
>>> rhelv6-list mailing list
>>> rhelv6-list redhat com
>>> https://www.redhat.com/mailman/listinfo/rhelv6-list
>>>
>>
>> _______________________________________________
>> rhelv6-list mailing list
>> rhelv6-list redhat com
>> https://www.redhat.com/mailman/listinfo/rhelv6-list
>>
>> _______________________________________________
>> rhelv6-list mailing list
>> rhelv6-list redhat com
>> https://www.redhat.com/mailman/listinfo/rhelv6-list
>>
>>
>
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]