NetBSD-Users archive


Re: PAM issues



On 08/23/15 18:35, William A. Mahaffey III wrote:
On 08/23/15 12:07, Eric Haszlakiewicz wrote:
On August 23, 2015 10:38:12 AM EDT, "William A. Mahaffey III" <wam%hiwaay.net@localhost> wrote:
I have a public-key from the Q6600 in my /root/.ssh/authorized_keys
file, but I still get errors trying to SSH in. My PAM files are
box-stock, as is/are my sshd config file(s). Any clues as to how to get
this to work appreciated. TIA & have a nice weekend.
Since you haven't changed the sshd config in /etc/ssh, then the default is to refuse root logins. You'll need to edit that, then restart sshd. Or, a slightly better option would be to create and push your backups to a non-root user, so a compromise on one box doesn't automatically result in root on the other.

Eric


OK, changed sshd_config to allow root login, still nogo:


4256EE1 # tail -20 /var/log/authlog; date
Aug 23 09:48:08 4256EE1 rpcbind: connect from 192.168.0.27 to getport/addr(mountd)
Aug 23 09:53:12 4256EE1 rpcbind: connect from 192.168.0.27 to getport/addr(mountd)
Aug 23 12:02:43 4256EE1 rpcbind: connect from 192.168.0.27 to null()
Aug 23 12:02:43 4256EE1 rpcbind: connect from 192.168.0.27 to getport/addr(nfs)
Aug 23 12:02:43 4256EE1 rpcbind: connect from 192.168.0.27 to getport/addr(mountd)
Aug 23 12:02:43 4256EE1 rpcbind: connect from 192.168.0.27 to getport/addr(mountd)
Aug 23 12:07:47 4256EE1 rpcbind: connect from 192.168.0.27 to getport/addr(mountd)
Aug 23 18:27:32 4256EE1 sshd[12632]: SSH: Server;Ltype: Version;Remote: 192.168.0.9-50583;Protocol: 2.0;Client: OpenSSH_5.5
Aug 23 18:27:32 4256EE1 sshd[12632]: SSH: Server;Ltype: Kex;Remote: 192.168.0.9-50583;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
Aug 23 18:27:33 4256EE1 sshd[12632]: SSH: Server;Ltype: Authname;Remote: 192.168.0.9-50583;Name: root [preauth]
Aug 23 18:27:33 4256EE1 sshd[12632]: ROOT LOGIN REFUSED FROM 192.168.0.9
Aug 23 18:27:33 4256EE1 sshd[12632]: ROOT LOGIN REFUSED FROM 192.168.0.9 [preauth]
Aug 23 18:27:37 4256EE1 sshd[12632]: error: PAM: authentication error for root from q6600
Aug 23 18:27:37 4256EE1 sshd[12632]: error: PAM: authentication error for root from q6600
Aug 23 18:27:40 4256EE1 sshd[12632]: Postponed keyboard-interactive for root from 192.168.0.9 port 50583 ssh2 [preauth]
Aug 23 18:27:43 4256EE1 sshd[12632]: error: PAM: authentication error for root from q6600
Aug 23 18:27:43 4256EE1 sshd[12632]: Failed keyboard-interactive/pam for root from 192.168.0.9 port 50583 ssh2
Aug 23 18:27:47 4256EE1 sshd[12632]: Failed password for root from 192.168.0.9 port 50583 ssh2
Aug 23 18:27:47 4256EE1 sshd[12632]: Failed password for root from 192.168.0.9 port 50583 ssh2
Aug 23 18:27:51 4256EE1 sshd[12632]: Disconnecting: Too many authentication failures for root [preauth]
Sun Aug 23 18:34:21 MCDT 2015
4256EE1 # grep -i root ssh/sshd_config
#PermitRootLogin no
PermitRootLogin yes
#ChrootDirectory none
4256EE1 # uname -a
NetBSD 4256EE1.CFD.COM 6.1.5 NetBSD 6.1.5 (GENERIC) amd64
4256EE1 #


*Damn* !!!! Did everything but restart sshd, when I did that, ssh login worked :-/ .... Sorry for the noise ....

--

	William A. Mahaffey III

 ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                           -- Gen. George S. Patton Jr.
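
The mismatch seen in this thread (sshd_config on disk says `PermitRootLogin yes`, yet authlog still shows `ROOT LOGIN REFUSED` because sshd was never restarted) can be detected mechanically. The script below is an added example, not part of the original message; the function names, the host `hostA` and the addresses are constructed, and `no` as the fallback when the keyword is unset follows Eric's statement quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Print the PermitRootLogin value sshd would read from a config on stdin.
# sshd keeps the first value it sees for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional (skipped).
# $1 = value to assume when the keyword is absent or commented out.
effective_permit_root_login() {
    awk -v dflt="$1" '
        /^[ \t]*(#|$)/                   { next }
        tolower($1) == "match"           { exit }
        tolower($1) == "permitrootlogin" { val = tolower($2); exit }
        END { print (val != "" ? val : dflt) }'
}

# Count refused root logins in authlog lines on stdin. The log on this page
# shows each refusal twice (with and without "[preauth]"), so count unique
# timestamp+pid pairs rather than raw lines.
refused_root_events() {
    awk '/sshd\[[0-9]+\]: ROOT LOGIN REFUSED FROM / { seen[$1 " " $2 " " $3 " " $5] = 1 }
         END { n = 0; for (k in seen) n++; print n }'
}

# $1 = sshd_config path, $2 = file holding authlog lines written AFTER the edit.
diagnose() {
    want=$(effective_permit_root_login no < "$1")
    hits=$(refused_root_events < "$2")
    if [ "$hits" -eq 0 ]; then echo ok
    elif [ "$want" = yes ]; then echo stale-daemon   # file says yes, daemon still refuses
    else echo refused-by-config
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$dir/sshd_config"
    printf '%s\n' \
      'Aug 23 18:27:33 hostA sshd[4242]: ROOT LOGIN REFUSED FROM 192.0.2.9' \
      'Aug 23 18:27:33 hostA sshd[4242]: ROOT LOGIN REFUSED FROM 192.0.2.9 [preauth]' \
      'Aug 23 18:27:47 hostA sshd[4242]: Failed password for root from 192.0.2.9 port 50583 ssh2' \
      > "$dir/authlog"
    diagnose "$dir/sshd_config" "$dir/authlog"
    rm -rf "$dir"
}
demo
```

A `stale-daemon` result means the running sshd has not picked up the file; restarting sshd, as the poster eventually did, clears it.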


