Message Board -  Archive

[ Login ] [ Create Account ]
[ Board List ] [ View Board ] [ Post Reply ]
  Author  Subject: Re: User login / passwd error
Archive  

Posted on 02-01-2002 01:56 a.m. ET  reply

Original Poster: "Mark W. Krentel" <krentel@dreamscape.com>

> I have users login to my server. 3 accounts work fine, but now, all the
> additional accounts I create will not accept any of the users passwords when
> they try to login. ALl users must use a secure login, sshd.

First, sshd normally writes a message to /var/log/messages for every
login attempt, both success and failure. So, what does messages say
about why sshd denied the attempt?

After that, here are some possibilities, although my list is by no
means exhaustive. You're not yet giving me enough clues to narrow
the problem.

(1) Check the sshd_config file, probably in /etc/ssh/. Do you have an
AllowUsers or DenyUsers line? If you have AllowUsers, perhaps you
forgot to add them to sshd_config.

(2) Try sending a HUP to the sshd daemon. I'm not sure what info
about users and groups sshd caches when it starts up, but if you
haven't rebooted since adding the new users, maybe sshd doesn't know
they exist. You tell sshd to reinitialize itself by sending it a HUP
(hangup) signal. /var/run/sshd.pid should contain a process number
(pid). As root, you run "kill -HUP pid" where pid is the process
number from sshd.pid.

Just be a little careful sending signals to sshd if you don't have
access to the console for fear of locking yourself out. But HUP is a
pretty safe signal for sshd.

(3) If you have access to the console (do you?), try logging in on the
console, see if it acts any differently than sshd. Or, if you only
have network access, login as another user and try su. Don't su as
root because that will bypass the normal permissions. Again, look in
/var/log/messages for clues.

(4) Check /etc/shadow and /etc/passwd that the new user exists, has a
valid password (not expired and not *'d out), has a valid shell and
home directory.

(5) Perhaps there is a mismatch on whether the new passwords are MD5
or DES.

--Mark

< Previous 1 Next >

Site Contents