authentication failure using SSH pam_unix(sshd:auth): authentication failure;

Oct 30 16:21:59 hvphuc sshd[1923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.20.149  user=hvphuc
Oct 30 16:21:59 hvphuc sshd[1923]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.20.149 user=hvphuc
Oct 30 16:21:59 hvphuc sshd[1923]: Accepted password for hvphuc from 10.10.20.149 port 56689 ssh2
Oct 30 16:22:01 hvphuc sshd[1923]: pam_unix(sshd:session): session opened for user hvphuc by (uid=0)

okay, we know the problem is on the pam module, so we should look at sshd module on pam directory at /etc/pam.d/

at /etc/pam.d/sshd
?
1
2
3
4
5
6
7
8
9
10
auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule
session required pam_selinux.so close session required pam_loginuid.so
here we can see the authentication included system-auth "auth include password-auth". okay next we should take a look on /etc/pam.d/password-auth on pam system-auth look at auth section, at my password-auth module, the system will check local system (pam_unix) at the first time then check the ldap database (pam_ldap). 

Alhamdulillah that issue because sshd:auth want to connect to remote server and cannot find the user at local system (pam_unix), that's why appears message authentication failure, 

because my user at ldap database after cannot find the user on local system then sshd:auth try to find it at ldap database (pam_ldap), and found it. 

at /etc/pam.d/system-auth
?
1
2
3
4
5
auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_sss.so use_first_pass auth required pam_deny.so

Solution

replace try_first_pass to pam.ldap.so and use_first_pass to pam_unix.so that will make ssh search user from ldap database first,if not found then ssh will search at local system. 
?
1
2
3
4
5
auth required pam_env.so auth sufficient pam_unix.so nullok use_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_sss.so try_first_pass auth required pam_deny.so

that will make the error message "sshd[8909]: pam_unix(sshd:auth): authentication failure;" gone.
?
1
2
Oct 30 16:28:54 hvphuc sshd[1975]: pam_sss(sshd:auth): unknown option: try_first_pass Oct 30 16:28:54 hvphuc sshd[1975]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.20.149 user=hvphuc

Nhận xét

Bài đăng phổ biến