Problem with ssh login

byrnejb · November 15, 2022, 8:06pm

I have set up a new RL8 vm. The networking is fine. I can log in via the vm console. SSHD is running. The configuration file has had our standard local changes appended to the bottom of sshd_config and is listening on one of the ip addresses assigned. The problem is that I cannot authenticate with a password. The connection is made and the password is requested but permission is always denied.

I previously set up another RL8 vm which, as far as I can discover, is identically configured except to the disk partitions and the IP addresses. This vm allows ssh authentication so there must be some difference between the two but I cannot discover what it is.

On the vm that I can ssh to and authenticate I see this in /var/log/audit/audit.log:

type=CRED_ACQ msg=audit(1668541574.766:135): pid=1655 uid=0 auid=4294967295 ses=429496
7295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_uni
x acct="byrnejb_hll" exe="/usr/sbin/sshd" hostname=192.168.216.104 addr=192.168.216.10
4 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1668541574.766:136): pid=1655 uid=0 subj=system_u:system_r:sshd_t
:s0-s0:c0.c1023 old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=5 res=
1UID="root" OLD-AUID="unset" AUID="byrnejb_hll"

On the vm where ssh authentication fails I see this:

type=USER_AUTH msg=audit(1668541810.666:90): pid=1636 uid=0 auid=4294967295 ses=429496
7295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="byrnejb_hll" ex
e="/usr/sbin/sshd" hostname=? addr=192.168.216.104 terminal=ssh res=failed'UID="root" 
AUID="unset"
type=USER_AUTH msg=audit(1668541810.672:91): pid=1636 uid=0 auid=4294967295 ses=429496
7295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="byrnejb_hll" ex
e="/usr/sbin/sshd" hostname=? addr=192.168.216.104 terminal=ssh res=failed'UID="root" 
AUID="unset"
type=USER_AUTH msg=audit(1668541810.678:92): pid=1636 uid=0 auid=4294967295 ses=429496
7295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="byrnejb_hll" ex
e="/usr/sbin/sshd" hostname=? addr=192.168.216.104 terminal=ssh res=failed'UID="root" 
AUID="unset"
type=USER_AUTH msg=audit(1668541819.067:93): pid=1636 uid=0 auid=4294967295 ses=429496
7295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=
? acct="byrnejb_hll" exe="/usr/sbin/sshd" hostname=192.168.216.104 addr=192.168.216.10
4 terminal=ssh res=failed'UID="root" AUID="unset"

Passwordl-less logon for root with authorized_keys works. Password-less login for regular users with authorized_keys fail. SSH always ended up asking for a password.

Can anyone decipher what this is telling me? This has to be some sort of configuration error.

jlehtone · November 15, 2022, 8:44pm

Are the permissions and contexts correct for .ssh/ and .ssh/authorized_keys?
Are the regular user homes on local volume, or NFS-mounted?

byrnejb · November 15, 2022, 8:48pm

The user home directories were created through the useradd utility. The regular users do not have authorized_keys files in .ssh. All directories on the local file system.

restorecon does not report any errors.

byrnejb · November 15, 2022, 9:30pm

This has been solved. I ran sshd -d from the command line and discovered this:

Authentication refused: bad ownership or modes for file /home/byrnejb_hll/.ssh/authorized_keys

This was fixed. To be sure I also reset the passwords of all the user accounts. Between the two the problem has been resolved.