Re: PAM issues

["William A. Mahaffey III" <wam%hiwaay.net@localhost>]

On 08/23/15 18:35, William A. Mahaffey III wrote:
> On 08/23/15 12:07, Eric Haszlakiewicz wrote:
> > On August 23, 2015 10:38:12 AM EDT, "William A. Mahaffey III" 
> > <wam%hiwaay.net@localhost> wrote:
> > > I have a public-key from the Q6600 in my /root/.ssh/authorized_keys
> > > file, but I still get errors trying to SSH in. My PAM files are
> > > box-stock, as is/are my sshd config file(s). Any clues as to how to get
> > >
> > > this to work appreciated. TIA & have a nice weekend.
> > Since you haven't changed the sshd config in /etc/ssh, then the 
> > default is to refuse root logins.  You'll need to edit that, then 
> > restart sshd.
> > Or, a slightly better option would be to create and push your backups 
> > to a non-root user, so a compromise one one box doesn't automatically 
> > result in root on the other.
> >
> > Eric
>
>
> OK, changed sshd_config to allow root login, still nogo:
>
>
> 4256EE1 # tail -20 /var/log/authlog; date
> Aug 23 09:48:08 4256EE1 rpcbind: connect from 192.168.0.27 to 
> getport/addr(mountd)
> Aug 23 09:53:12 4256EE1 rpcbind: connect from 192.168.0.27 to 
> getport/addr(mountd)
> Aug 23 12:02:43 4256EE1 rpcbind: connect from 192.168.0.27 to null()
> Aug 23 12:02:43 4256EE1 rpcbind: connect from 192.168.0.27 to 
> getport/addr(nfs)
> Aug 23 12:02:43 4256EE1 rpcbind: connect from 192.168.0.27 to 
> getport/addr(mountd)
> Aug 23 12:02:43 4256EE1 rpcbind: connect from 192.168.0.27 to 
> getport/addr(mountd)
> Aug 23 12:07:47 4256EE1 rpcbind: connect from 192.168.0.27 to 
> getport/addr(mountd)
> Aug 23 18:27:32 4256EE1 sshd[12632]: SSH: Server;Ltype: 
> Version;Remote: 192.168.0.9-50583;Protocol: 2.0;Client: OpenSSH_5.5
> Aug 23 18:27:32 4256EE1 sshd[12632]: SSH: Server;Ltype: Kex;Remote: 
> 192.168.0.9-50583;Enc: aes128-ctr;MAC: hmac-md5;Comp: none [preauth]
> Aug 23 18:27:33 4256EE1 sshd[12632]: SSH: Server;Ltype: 
> Authname;Remote: 192.168.0.9-50583;Name: root [preauth]
> Aug 23 18:27:33 4256EE1 sshd[12632]: ROOT LOGIN REFUSED FROM 192.168.0.9
> Aug 23 18:27:33 4256EE1 sshd[12632]: ROOT LOGIN REFUSED FROM 
> 192.168.0.9 [preauth]
> Aug 23 18:27:37 4256EE1 sshd[12632]: error: PAM: authentication error 
> for root from q6600
> Aug 23 18:27:37 4256EE1 sshd[12632]: error: PAM: authentication error 
> for root from q6600
> Aug 23 18:27:40 4256EE1 sshd[12632]: Postponed keyboard-interactive 
> for root from 192.168.0.9 port 50583 ssh2 [preauth]
> Aug 23 18:27:43 4256EE1 sshd[12632]: error: PAM: authentication error 
> for root from q6600
> Aug 23 18:27:43 4256EE1 sshd[12632]: Failed keyboard-interactive/pam 
> for root from 192.168.0.9 port 50583 ssh2
> Aug 23 18:27:47 4256EE1 sshd[12632]: Failed password for root from 
> 192.168.0.9 port 50583 ssh2
> Aug 23 18:27:47 4256EE1 sshd[12632]: Failed password for root from 
> 192.168.0.9 port 50583 ssh2
> Aug 23 18:27:51 4256EE1 sshd[12632]: Disconnecting: Too many 
> authentication failures for root [preauth]
> Sun Aug 23 18:34:21 MCDT 2015
> 4256EE1 # grep -i root ssh/sshd_config
> #PermitRootLogin no
> PermitRootLogin yes
> #ChrootDirectory none
> 4256EE1 # uname -a
> NetBSD 4256EE1.CFD.COM 6.1.5 NetBSD 6.1.5 (GENERIC) amd64
> 4256EE1 #


*Damn* !!!! Did everything but restart sshd, when I did that, ssh login 
worked :-/ .... Sorry for the noise ....

--

	William A. Mahaffey III

 ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                           -- Gen. George S. Patton Jr.