authentication failure using SSH pam_unix(sshd:auth): authentication failure;

?when I try connect to another server using ssh, I found an error on /var/log/secure "pam_unix(sshd:auth): authentication failure; " 
Oct 30 16:21:59 hvphuc sshd[1923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.20.149  user=hvphuc
Oct 30 16:21:59 hvphuc sshd[1923]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.20.149 user=hvphuc
Oct 30 16:21:59 hvphuc sshd[1923]: Accepted password for hvphuc from 10.10.20.149 port 56689 ssh2
Oct 30 16:22:01 hvphuc sshd[1923]: pam_unix(sshd:session): session opened for user hvphuc by (uid=0)

okay, we know the problem is on the pam module, so we should look at sshd module on pam directory at /etc/pam.d/

at /etc/pam.d/sshd
?
1
2
3
4
5
6
7
8
9
10
auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule
session required pam_selinux.so close session required pam_loginuid.so
here we can see the authentication included system-auth "auth include password-auth". okay next we should take a look on /etc/pam.d/password-auth on pam system-auth look at auth section, at my password-auth module, the system will check local system (pam_unix) at the first time then check the ldap database (pam_ldap). 

Alhamdulillah that issue because sshd:auth want to connect to remote server and cannot find the user at local system (pam_unix), that's why appears message authentication failure, 

because my user at ldap database after cannot find the user on local system then sshd:auth try to find it at ldap database (pam_ldap), and found it. 

at /etc/pam.d/system-auth
?
1
2
3
4
5
auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_sss.so use_first_pass auth required pam_deny.so

Solution

replace try_first_pass to pam.ldap.so and use_first_pass to pam_unix.so that will make ssh search user from ldap database first,if not found then ssh will search at local system. 
?
1
2
3
4
5
auth required pam_env.so auth sufficient pam_unix.so nullok use_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_sss.so try_first_pass auth required pam_deny.so

that will make the error message "sshd[8909]: pam_unix(sshd:auth): authentication failure;" gone.
?
1
2
Oct 30 16:28:54 hvphuc sshd[1975]: pam_sss(sshd:auth): unknown option: try_first_pass Oct 30 16:28:54 hvphuc sshd[1975]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.20.149 user=hvphuc

Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

CLEANING UP THE ZABBIX DATABASE

My Zabbix database size increased a lot in the last few months and since my disk was running out space, I decided to clean up the old events from the database. Looking at the database tables, the biggest one was  history_uint , which holds the items history data – over 400 millions of records and over 30 Gb of disk space before the clean up. Since deleting the old records from this table directly would be a very slow process, I decided to create a new table and insert the latest records from the  history_uint  table and then just replace the old table with a new one. Since this is not an offical procedure, use it at your own risk. Environment: Zabbix v2.2 MySql 5.1 – InnoDB with  innodb_file_per_table=ON Step 1 – Stop the Zabbix server Step 2 – Open your favourite MySQL client and create a new table CREATE TABLE  history_uint_new  LIKE  history_uint; Step 3 – Insert the latest records from the  history_uint  table to the  history_uint_new table First you need to de
Đọc thêm

Configuring DHCP Relay service on the FortiGate unit

Configuring DHCP Relay service on the FortiGate unit If the clients are configured to obtain a IP address using DHCP relay, configure the FortiGate server as below: To configure DHCP relay on the FortiGate unit   1. Go to System > Network > Interfaces and select Interface want to configure DHCP relay.   2. Enable DHCP Server in the interface and choose Advanced   3. For Mode, select Relay.   4. In Type select Regular.   5. Select OK.   6. If a router is installed between the FortiGate unit and the DHCP server, define a static route to the DHCP server. Note : Sometimes it is required to specify more than one DHCP relay IP, to allow for the coverage of additional LAN subnets. Although the Web Based Manager (GUI) does not provide an option to configure this, it is possible to set up to 8 IPs from the CLI.       config system interface             edit <REQUIRED_INTERFACE_HERE>               set dhcp-relay-ip <FIRST_IP> <SECOND_IP> ....<EIGHTH_IP&
Đọc thêm

Stuxnet Trojan - Memory Forensics with Volatility | Part I

Hình ảnh
Stuxnet could be the first advanced malware. It is thought that it was developed by the United States and Israel to attack Iran's nuclear facilities. It attacked Windows systems using a zero-day exploit and It was focused on SCADA systems in order to  affect critical infrastructures... Also, it may be spread from USB drivers. It is necessary a squad of highly capable programmers with depth of knowledge of industrial processes and an interest in attacking industrial infrastructure to develop this malware. Kaspersky Lab concluded that the sophisticated attack could only have been conducted "with nation-state support" and a study of the spread of Stuxnet by Symantec says that it was spread to Iran (58.85%), Indonesia (18.22%), India (8.31%), Azerbaijan (2.57%).... Thanks to Malware Cookbook we can download a memory dump from an infected host with this malware in the URL below:  http://www.jonrajewski.com/data/Malware/stuxnet.vmem.zip Ok, let’s go. We are going to analyze i
Đọc thêm