Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Ssh not allowing NIS user to login
Operating Systems AIX Ssh not allowing NIS user to login Post 302981866 by mrmurdock on Tuesday 20th of September 2016 05:47:45 PM
Old 09-20-2016
Code:
Sep 20 15:35:02 server1 auth|security:info sshd[10354864]: Accepted password for nis_user from 10.41.80.8 port 41888 ssh2
Sep 20 15:35:02 server1 auth|security:crit sshd[13959322]: fatal: permanently_set_uid: was able to restore old [e]gid

dang, had totally forgotten about auth.log. Thanks

did a quick look through google and nothing in /etc/group and no local user account for nis_user. There was a mention of a getpwid patch but if it was OS, then why does my other 3 AIX boxes work without issue. Same nis server for all 5 boxes.

Code:
server1:>oslevel -s
 6100-07-10-1415

---------- Post updated at 03:47 PM ---------- Previous update was at 02:52 PM ----------

Fixed the problem.
The issue is there is a bug in openssh where if there is a /etc/group --> GID_NAME and if the LDAP or NIS user has a same GID_NAME, but different value you will get this inability to login via ssh.
the corrective action is to make the /etc/group --> GID_NAME value the same as the naming service value, or delete the local GID_NAME.


Moderator's Comments:
Mod Comment Please use CODE tags as required by forum rules!
Last edited by RudiC; 09-21-2016 at 07:03 AM.. Reason: Added CODE tags.
 

10 More Discussions You Might Find Interesting

1. HP-UX

User not able to login directly using ssh

HI, We are facing a problem while trying to login using ssh. The user is able to login using telnet. We are able to login as another user using ssh and then su to that user which is successfull. What should i be checking for the user to be able to login directly using ssh. Thanks in... (2 Replies)
Discussion started by: sag71155
2 Replies

2. Shell Programming and Scripting

SSH login with user name and script.

I want to login to server using ssh or telnet and execute one command then exit to the shell Please let me know how to write script for this? (1 Reply)
Discussion started by: svenkatareddy
1 Replies

3. UNIX for Dummies Questions & Answers

$USER is not set in remsh but works fine via ssh login

1) ssh a@b echo $USER it display the correct value as a (even though i have not defined it in .profile) 2) remsh b -l a echo $USER it does not display the value as a (variable is not set any idea why $USER variable is not initialized when i login via remsh or rlogin but shows the... (10 Replies)
Discussion started by: reldb
10 Replies

4. Shell Programming and Scripting

Help to hide shell terminal and run prompt program after ssh login for specified user

Hey guys, I have some task from my office to lock user on the specified directory after the user logged on using ssh. And then run prompt program to fill the required information. Yeah, just like an ATM system. My question: How could I do those?? AFAIK I have to edit the ~./bashrc. But the... (1 Reply)
Discussion started by: franzramadhan
1 Replies

5. HP-UX

Suppress SSH login logs of a user

Hi, I want to suppress ssh login logs of a particular user to get logged in /var/adm/syslog/syslog.log As am using a user to monitor a server over ssh in 5 miute interval..and that creating un-necessary logs in my syslog.log file .. Please help me if there any way I can suppress this logs only... (6 Replies)
Discussion started by: Shirishlnx
6 Replies

6. Shell Programming and Scripting

AIX pam ssh/sshd configuration not allowing sed or awk

This is a weird problem. Following is my code. /opt/quest/bin/vastool configure pam sshd /opt/quest/bin/vastool configure pam ssh cat /etc/pam.conf | \ awk '$1=="ssh"||$1=="sshd"||$1=="emagent"{sub("prohibit","aix",$NF);}1' OFS='\t' > /etc/pam.conf cat /etc/ssh/sshd_config | \ sed -e... (2 Replies)
Discussion started by: pjeedu2247
2 Replies

7. Red Hat

SFTP user include/exclude without preventing SSH login

I have been asked to see if we can restrict SFTP access to authorised users only. There will be business users who will log on with SSH, but they are locked into a menu. They will have write access to the production data to do their job, but we don't want them to have access to read/write the... (8 Replies)
Discussion started by: rbatte1
8 Replies

8. Solaris

How can i setup ssh password-less login for particular user?

HI Community. I was trying to create ssh password less authentication for one user called night and it's not working for me. These are the steps I followed:- I have logged into the server and issued ssh-ketgen -t rsabash-3.2$ ssh-keygen -t rsa Generating public/private rsa key pair.... (4 Replies)
Discussion started by: bentech4u
4 Replies

9. UNIX for Advanced & Expert Users

One user to su to another without allowing root access and password

Hello Gurus, I want One user to su to another without allowing root access and password. I want to run a specific command as below from user am663: --------------------------------------------------------- sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh ------------------- But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies

10. UNIX for Advanced & Expert Users

Ssh public/private key user login problem

I have a user account configuration with ssh public/private key that works on multiple servers centos and rhel. One server (Server F) that is not working in centos 6.8. When i ssh into server f I get prompted for a password. I have verified the config and it all is good. I put sshd into debug... (8 Replies)
Discussion started by: bash_in_my_head
8 Replies

LEARN ABOUT OPENSOLARIS

pam_allow

pam_allow(5)						Standards, Environments, and Macros					      pam_allow(5)

NAME

       pam_allow - PAM authentication, account, session and password management PAM module to allow operations

SYNOPSIS

       pam_allow.so.1

DESCRIPTION

       The  pam_allow  module  implements  all	the  PAM service module functions and returns PAM_SUCCESS for all calls. Opposite functionality is
       available in the pam_deny(5) module.

       Proper Solaris authentication operation requires pam_unix_cred(5) be stacked above pam_allow.

       The following options are interpreted:

       debug	Provides syslog(3C) debugging information at the LOG_AUTH | LOG_DEBUG level.

ERRORS

       PAM_SUCCESS is always returned.

EXAMPLES

       Example 1 Allowing ssh none

       The following example is a pam.conf fragment that illustrates a sample for allowing ssh none authentication:

	 sshd-none  auth    required	  pam_unix_cred.so.1
	 sshd-none  auth    sufficient	  pam_allow.so.1
	 sshd-none  account sufficient	  pam_allow.so.1
	 sshd-none  session sufficient	  pam_allow.so.1
	 sshd-none  password sufficient   pam_allow.so.1

       Example 2 Allowing Kiosk Automatic Login Service

       The following is example is a pam.conf fragment that illustrates a sample for allowing gdm kiosk auto login:

	 gdm-autologin auth  required	 pam_unix_cred.so.1
	 gdm-autologin auth  sufficient  pam_allow.so.1

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Stable			   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+

SEE ALSO

       libpam(3LIB), pam(3PAM), pam_sm(3PAM), syslog(3C), pam.conf(4), attributes(5), pam_deny(5), pam_unix_cred(5)

NOTES

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

       This module is intended to be used to either allow access to specific services names, or to all service names not specified (by	specifying
       it as the default service stack).

SunOS 5.11							    25 Aug 2005 						      pam_allow(5)
All times are GMT -4. The time now is 10:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy