Openssh daemon no longer allows users to log in with password, but will allow login with public key. uw-imap no longer allows user login. This resulted after I installed a new kernel (and rebooted for the first time in several months).

current openssh version - 3.6.1_p2
current uw-imap - 2002d

Logs don't give a clear error, but I do see an openssh error described in bug 20404.

pam version is 0.75-r11

The ssh pam file is:

#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_shells.so
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

The imap pam file is:

#%PAM-1.0
# $Header: /home/cvsroot/gentoo-x86/net-mail/uw-imap/files/uw-imap.pam-system-auth,v 1.1 2002/06/07 02:01:38 woodchip Exp $
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

The system-auth pam file is:

#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

Reproducible: Always

Steps to Reproduce:
1. log in to machine using ssh without a public key (password login)
2. or attempt to connect to the imaps server with an imap client

Actual Results:
Login was not allowed.

Expected Results:
Should have logged in normally.

Portage 2.0.48-r4 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r1)
=================================================================
System uname: 2.4.21-openmosix i686 Pentium II (Deschutes)
GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb /usr/kde/3.1/share/config /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
PORTDIR="/usr/portage"
DISTDIR="/usr/portage/distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR_OVERLAY=""
USE="x86 oss avi crypt cups foomaticdb gif jpeg kde libg++ mad mikmod ncurses nls pdflib png quicktime spell truetype xml2 xmms xv zlib gtkhtml gdbm berkdb slang readline arts tetex bonobo svga java guile ruby gpm tcpd pam libwww perl python esd oggvorbis gtk qt motif opengl mozilla X gtk2 gnome -alsa mbox -maildir mmx ssl -3dnow -apm tcltk encode imap imlib mpeg sdl"
COMPILER="gcc3"
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium2 -mcpu=pentium2 -O3 -pipe"
CXXFLAGS="-march=pentium2 -mcpu=pentium2 -O3 -pipe"
ACCEPT_KEYWORDS="x86 ~x86"
MAKEOPTS="-j3"
AUTOCLEAN="yes"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
FEATURES="sandbox ccache fixpackages"

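Added example (not part of the original report and not Gentoo or Linux-PAM code): a small evaluator for the auth lines of the three PAM files quoted in the report above, listing the modules whose failure alone would deny password authentication to both services at once. The keys "sshd" and "imap" are assumed service names, and only the required and sufficient control flags used in those files are modelled.

```python
# Constructed from the report's three PAM files (auth lines); "sshd"/"imap" are assumed names.
PAM_FILES = {
    "sshd": "auth required pam_stack.so service=system-auth\n"
            "auth required pam_shells.so\n"
            "auth required pam_nologin.so\n",
    "imap": "auth required pam_nologin.so\nauth required pam_stack.so service=system-auth\n",
    "system-auth": "auth required /lib/security/pam_env.so\n"
                   "auth sufficient /lib/security/pam_unix.so likeauth nullok nodelay\n"
                   "auth required /lib/security/pam_deny.so\n",
}

def entries(service, files=PAM_FILES):
    """Yield (control, module basename, args) for each auth line of a service."""
    for raw in files[service].splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            yield fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]

def stack_target(args):
    return next(a.split("=", 1)[1] for a in args if a.startswith("service="))

def modules(service, files=PAM_FILES):
    """Leaf modules reachable from a service's auth stack, following pam_stack.so."""
    found = set()
    for _, name, args in entries(service, files):
        found |= modules(stack_target(args), files) if name == "pam_stack.so" else {name}
    return found

def evaluate(service, failing, files=PAM_FILES):
    """True if auth succeeds when the modules in `failing` (and pam_deny.so) fail."""
    ok = True
    for control, name, args in entries(service, files):
        if name == "pam_stack.so":
            result = evaluate(stack_target(args), failing, files)
        else:
            result = name != "pam_deny.so" and name not in failing
        if control == "sufficient" and result and ok:
            return True   # success ends this stack if no required module failed yet
        if control == "required" and not result:
            ok = False    # required: later modules still run, but the stack fails
    return ok

def shared_suspects(services=("sshd", "imap"), files=PAM_FILES):
    """Modules whose failure alone denies password auth for every listed service."""
    candidates = set.union(*(modules(s, files) for s in services)) - {"pam_deny.so"}
    return sorted(m for m in candidates if not any(evaluate(s, {m}, files) for s in services))

print(shared_suspects())
```

For the files above it returns pam_env.so, pam_nologin.so and pam_unix.so; pam_shells.so is left out because only the ssh file references it.
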
Could you please do a login with a password to ssh and provide ALL of the log snippets from it? I want auth.log, syslog, user.log, daemon.log, kern.log and debug. Alternatively, please start sshd in max debug mode, and capture the full output as you attempt to login with a password.
I use metalog on the machine I care about. But I have a vmware backup system that has the same problems. Here's the syslog reports generated on login:

auth.log:
Jul 19 12:53:22 backup sshd(pam_unix)[14322]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=nice.tzo.com user=chixson
Jul 19 12:53:28 backup sshd[14322]: Failed password for chixson from 192.168.1.110 port 37014 ssh2

syslog: nothing recorded for this transaction
user.log: nothing
daemon.log: nothing
kern.log: nothing
debug: nothing

From the metalog machine, here's the entry from the everything file:

Jul 21 13:30:34 [sshd(pam_unix)] authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=enterprise user=chixson
Jul 21 13:30:41 [sshd] Failed password for chixson from 129.15.12.140 port 51938 ssh2

I also ran the ssh server in debug mode, and on both machines the result was similar, here's the result:

Verbose ssh session
---
server:
backup init.d # /usr/sbin/sshd -ddd
debug2: read_server_config: filename /etc/ssh/sshd_config
debug1: sshd version OpenSSH_3.6.1p2
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.1.110 port 37020
debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.6.1p2
debug2: Network child is on pid 14385
debug3: privsep user:group 22:22
debug1: permanently_set_uid: 22/22
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug3: preauth child monitor started
debug3: mm_request_receive entering
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug3: mm_request_send entering: type 0
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
debug3: mm_request_receive_expect entering: type 1
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 8192
debug3: mm_request_send entering: type 1
debug3: mm_choose_dh: remaining 0
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug2: monitor_read: 0 used once, disabling now
debug3: mm_request_receive entering
debug2: dh_gen_key: priv key bits set: 129/256
debug2: bits set: 1648/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug2: bits set: 1591/3191
debug3: mm_key_sign entering
debug3: mm_request_send entering: type 4
debug3: monitor_read: checking request 4
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x80a5b70(143)
debug3: mm_request_send entering: type 5
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
debug3: mm_request_receive_expect entering: type 5
debug3: mm_request_receive entering
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user chixson service ssh-connection method none
debug1: attempt 0 failures 0
debug3: mm_getpwnamallow entering
debug3: mm_request_send entering: type 6
debug3: monitor_read: checking request 6
debug3: mm_answer_pwnamallow
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM
debug3: mm_request_receive_expect entering: type 7
debug3: mm_request_receive entering
debug2: input_userauth_request: setting up authctxt for chixson
debug3: mm_start_pam entering
debug3: mm_request_send entering: type 41
debug3: monitor_read: checking request 41
debug1: Starting up PAM with username "chixson"
debug3: Trying to reverse map address 192.168.1.110.
debug1: PAM setting rhost to "nice.tzo.com"
debug2: monitor_read: 41 used once, disabling now
debug3: mm_request_receive entering
debug3: mm_inform_authserv entering
debug3: mm_request_send entering: type 3
debug3: monitor_read: checking request 3
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 3 used once, disabling now
debug3: mm_request_receive entering
debug2: input_userauth_request: try method none
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: monitor_read: checking request 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug1: PAM password authentication failed for chixson: Authentication failure
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
Failed none for chixson from 192.168.1.110 port 37020 ssh2
debug3: mm_auth_password: user not authenticated
Failed none for chixson from 192.168.1.110 port 37020 ssh2
debug3: mm_request_receive entering
debug1: userauth-request for user chixson service ssh-connection method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x80b69a0
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file /home/chixson/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file /home/chixson/.ssh/authorized_keys2
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x80b69a0 is disallowed
debug3: mm_request_send entering: type 21
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
Failed publickey for chixson from 192.168.1.110 port 37020 ssh2
debug1: userauth-request for user chixson service ssh-connection method keyboard-interactive
debug1: attempt 2 failures 2
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=chixson devs=
debug1: kbdint_alloc: devices ''
debug2: auth2_challenge_start: devices
Failed keyboard-interactive for chixson from 192.168.1.110 port 37020 ssh2
debug1: userauth-request for user chixson service ssh-connection method password
debug1: attempt 3 failures 3
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: monitor_read: checking request 10
debug1: PAM password authentication failed for chixson: Authentication failure
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
Failed password for chixson from 192.168.1.110 port 37020 ssh2
debug3: mm_request_receive entering
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: mm_auth_password: user not authenticated
Failed password for chixson from 192.168.1.110 port 37020 ssh2
debug1: userauth-request for user chixson service ssh-connection method password
debug1: attempt 4 failures 4
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: monitor_read: checking request 10
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug1: PAM password authentication failed for chixson: Authentication failure
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
Failed password for chixson from 192.168.1.110 port 37020 ssh2
debug3: mm_auth_password: user not authenticated
Failed password for chixson from 192.168.1.110 port 37020 ssh2
debug3: mm_request_receive entering
debug1: userauth-request for user chixson service ssh-connection method password
debug1: attempt 5 failures 5
debug2: input_userauth_request: try method password
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 10
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering
debug3: monitor_read: checking request 10
debug1: PAM password authentication failed for chixson: Authentication failure
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: user not authenticated
Failed password for chixson from 192.168.1.110 port 37020 ssh2
Connection closed by 192.168.1.110
debug1: Calling cleanup 0x8073f30(0x0)
debug1: getpeername failed: Transport endpoint is not connected
debug1: Calling cleanup 0x80660e0(0x0)

client:
chixson@nice chixson $ ssh 192.168.1.111
chixson@192.168.1.111's password:
Permission denied, please try again.
chixson@192.168.1.111's password:
Permission denied, please try again.
chixson@192.168.1.111's password:
Permission denied (publickey,password,keyboard-interactive).

This bug might be related to Bug 27383 (http://bugs.gentoo.org/show_bug.cgi?id=27383), app-misc/screen-3.9.15-r1: does not unlock.

Adam, you mention installing a new kernel; would this by any chance be a 2.6 kernel?
Sorry, I used the same kernel (but compiled in the sound module) using 2.4.20-openmosix. Also, I've long since rebuilt the machine from scratch (being unable to resolve the issue, and needing to use the machine...) I'm still happy to help resolve this with whatever information you might need.
Does anyone still think this bug is reproducible and/or solvable? Can it be resolved as NEEDINFO?
It's long since been important for me, and apparently no one else has had a problem, so I'd be fine if you closed it.
Resolving as NEEDINFO, reopen if and when needed.