I have a server running fedora that denies access to me as user "bobg." I can ssh as root and have re-entered the "passwd" for "bobg" and it reported "passwd: all authentication tokens updated successfully."
I also added an= new user and had the same result.
Am I being prevented from actually changing the password via ssh perhaps? If so it's strange that it reports tokens updated successfully. There's no display or keyboard attached,
I can still access view the contents with Samba and the samba password but need user access for me. I suppose root access would wok but I have spent all morning at this and don't know what else to do to fix the user access problem.
Suggestions appreciated.
-- Bob Goodwin - Zuni, Virginia, USA http://www.qrz.com/db/W2BOD box10 FEDORA-29/64bit LINUX XFCE Fastmail POP3
On Fri, 13 Sep 2019 14:14:59 -0400 Bob Goodwin wrote:
Suggestions appreciated.
ssh -v -v -v
sometimes provides useful information (if you can see it in the noise).
Recent distros have started disabling many cyphers as insecure, so if you are coming from an older system you may be trying to use a cypher it doesn't like (that's my most common experience with a huge range of old and new machines and virtual machines trying to talk).
On 09/13/19 14:27, Tom Horsley wrote:
Suggestions appreciated.
ssh -v -v -v
sometimes provides useful information (if you can see it in the noise).
Recent distros have started disabling many cyphers as insecure, so if you are coming from an older system you may be trying to use a cypher it doesn't like (that's my most common experience with a huge range of old and new machines and virtual machines trying to talk). ____
. That provides an overwhelming amount of mostly meaningless [to me] data but it's another tool to mess with. I'll keep at this for a while anyway ...
Thanks, Bob
On 9/13/19 11:14 AM, Bob Goodwin wrote:
I have a server running fedora that denies access to me as user "bobg." I can ssh as root and have re-entered the "passwd" for "bobg" and it reported "passwd: all authentication tokens updated successfully."
Have you checked the server logs? Maybe you have password authentication turned off?
On 09/13/19 15:42, Samuel Sieb wrote:
Have you checked the server logs? Maybe you have password authentication turned off? ____
. Not until you asked, then I can ssh as root. Tried journalctl -e after an ssh bobg@box48 but all the file times are about 6 minutes earlier?
I must be doing something wrong there ...
and there are logs in /var/log but nothing is obvious.
Too much information there, I'm overwhelmed with log data.
On 9/14/19 5:20 AM, Bob Goodwin wrote:
On 09/13/19 15:42, Samuel Sieb wrote:
Have you checked the server logs? Maybe you have password authentication turned off? ____
. Not until you asked, then I can ssh as root. Tried journalctl -e after an ssh bobg@box48 but all the file times are about 6 minutes earlier?
I must be doing something wrong there ...
and there are logs in /var/log but nothing is obvious.
Too much information there, I'm overwhelmed with log data.
Are you saying that you have now turned off password authentication on the server?
Are you saying that you have,
PasswordAuthentication no
set on the server in /etc/ssh/sshd_config?
If this is the case, and if you've been using keys for authentication it can mean that you've changed the permissions of user bobg ~/.ssh. It should be 700.
Also, the files within ~/.ssh should be owned by bobg and have 600 permissions. Especially authorized_keys.
On 09/13/19 17:43, Ed Greshko wrote:
Are you saying that you have,
PasswordAuthentication no
set on the server in /etc/ssh/sshd_config?
If this
. #PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication yes
# Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no
This looks ok to me.
Until recently user bobg had access wit a password. That has stopped working. Dunno why.
On 9/13/19 2:20 PM, Bob Goodwin wrote:
On 09/13/19 15:42, Samuel Sieb wrote:
Have you checked the server logs? Maybe you have password authentication turned off? ____
. Not until you asked, then I can ssh as root. Tried journalctl -e after an ssh bobg@box48 but all the file times are about 6 minutes earlier?
I must be doing something wrong there ...
and there are logs in /var/log but nothing is obvious.
Too much information there, I'm overwhelmed with log data.
Run "journalctl -fa -u sshd" in one terminal and try ssh as your user in another one. See what shows up.
-
Bob Goodwin -
Ed Greshko -
Samuel Sieb -
Tom Horsley