ssh, unable to connect to a machine, with any account, other than root
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
ssh, unable to connect to a machine, with any account, other than root
The machine in question, has a clean install of slackware 13.37, as far as it goes, its "stock" - brand new home directory, the machine had its partitions wiped out, so no weird artifacts or pointers pointing to files that don't exist.
I was going to push applications onto it, when I found out, I was unable to use any account, aside from root, to ssh in. With further testing - trying to ssh into itself, using its IP (not localhost - and just now, tested with localhost, same response) - Permission denied, please try again.
The password for the user account has been reset, same response.
/etc/ssh/sshd_config has not been touched (its very much like a copy on my main machine - and it works fine).
At one point I tried to use the method where one has a public key, copied to one machine, and doesn't need to supply the password, as it has a related file on the other machine (sorry, can't recall what this method is called) and while it worked fine, the minute I used an application such as konquorer, dolphin or ftp, the application presented me with a password dialog, and again, permission denied.
So I am baffled now. Where's a good place to start looking? When I compare files from main machine (A) to this one (B), there's no differences, when related to ssh, sshd and I've deleted .ssh in the user's home folder, to no resolution.
Just to be clear, aside from turning on the ssh file in setup, this is a stock install, right from the slackware dvd. Any config file I touched, I made sure to backup & restore when something didn't pan out.
Has something changed in ssh since 13.1? Have I actually missed something glaringly obvious?
Any help would be much appreciated.
-----
EDIT # 1 :
Forgot to mention, if the Xserver is never used (so, log on, stay at command prompt) the same problem happens.
EDIT # 2 :
I was being purposely vague, and I see now, that won't help anyone, nor myself
Machine A - Main, working fine. Running 13.37
Machine B - Laptop, clean install (repartitioned, etc, literally clean). Running 13.37.
EDIT #3 :
Seems this might be actually crucial, Laptop can use either a wireless IP or a wired IP. I hadn't mentioned this, as when I used ubuntu on laptop, things seemed to work just fine, when changing IPs without restarting the machine. I Now wonder if ubuntu "does something" to ensure ssh would work correctly afterwards?
Last edited by WetFroggy; 01-29-2012 at 02:37 PM.
Reason: Unimportant info seems to be actually important!
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
Some stuff that might help (or, you know, might not, but here goes anyway).
Are you using fixed-IP on these machines? If so, do you have entries in /etc/host of the form
Code:
# For loopbacking.
127.0.0.1 localhost
192.168.1.10 fubar.com fubar < this is "this" server >
192.168.1.15 InkJet < this is a network printer >
192.168.1.20 snafu.com snafu < this is another server >
192.168.1.30 pita.com pita < this is yet another server >
Those go in every server's /etc/hosts file (and then you can connect with, say)
Code:
ssh pita
Have you generated keys in the account(s) on the new machine (not copied from any other platform)?
Code:
log in
password
ssh-keygen
<hit the enter key when prompted for a passphrase>
Those will get written into ~/.ssh as id_rsa and id_rsa.pub (RSA is the default encryption, you could choose another method, see the manual page).
For password-less connections you copy the id_rsa.pub to the other machine(s) you wish to allow to connect to this machine without a password, account by account, and copy the id_rsa.pub files to this machine from the other machine(s) so this machine can go that way without a password. I find it easier to, on a local machine, to copy ~/.ssh/id_rsa.pub to a file named the machine name; e.g., on server fubar
Code:
cd .ssh
cp id_rsa.pub fubar
If you're doing this for a bunch of servers, it's easier to copy that file to the ~/.ssh directory then append it to authorized_keys file (and you won't overwrite the id_rsa.pub file on the machine). See below.
You can create a config file in ~/.ssh of the form (this is the conf file that resides on server fubar for connecting to pita and snafu):
Code:
Host pita
ForwardAgent yes
ForwardX11 yes
Compression yes
Protocol 2,1
User trona
Host pita
ForwardX11 yes
Compression yes
Protocol 2,1
User root
Host snafu
ForwardAgent yes
ForwardX11 yes
Compression yes
Protocol 2,1
User trona
Host snafu
ForwardX11 yes
Compression yes
Protocol 2,1
User root
Host *
ForwardX11 no
Note that the above allows user trona to connect with ssh pita or allows user trona to connect to pita as root with ssh -l root pita. The id_rsa.pub files for all user account names on all servers are entered in ~/.ssh/authorized_keys.
When you first connect to a server (and give the appropriate password for that server) its information will be entered in ~/.ssh/known_hosts. As above, you do not copy this from server to server, it's generated when you successfully connect the first time. You do copy the public key file, ~/.ssh/id_rsa.pub or ~/.ssh/fubar if you made a copy, to the other servers' ~/.ssh/authorized_keys files but you never copy the private key, ~/.ssh/id_rsa, anywhere.
Doing the above, you don't need to fiddle with /etc/ssh/ssh_config; in fact, a standard Slackware installation sets up the system keys for you and you don't need to fiddle with them (and you really do not want to copy any of those to any other box, do it on a user-by-user basis).
For password-less connections you copy the id_rsa.pub to the other machine(s) you wish to allow to connect to this machine without a password, account by account, and copy the id_rsa.pub files to this machine from the other machine(s) so this machine can go that way without a password. I find it easier to, on a local machine, to copy ~/.ssh/id_rsa.pub to a file named the machine name; e.g., on server fubar
Code:
cd .ssh
cp id_rsa.pub fubar
If you're doing this for a bunch of servers, it's easier to copy that file to the ~/.ssh directory then append it to authorized_keys file (and you won't overwrite the id_rsa.pub file on the machine). See below.
Actually, the ssh-copy-id command is the easiest way to do it. My hat is off to the person who pointed this out to me in one of the other forum threads! (I don't remember who, unfortunately.)
Last edited by Richard Cranium; 01-29-2012 at 02:25 AM.
Reason: "command" the word is "command"
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541
Rep:
Quote:
Originally Posted by Richard Cranium
Actually, the ssh-copy-id command is the easiest way to do it. My hat is off to the person who pointed this out to me in one of the other forum threads! (I don't remember who, unfortunately.)
Well, hot dang, never did come across that one -- probably ought to read all the man pages, eh? Makes life easier.
On what type of machine are you running the ssh command in order to log into the Slackware 13.37 machine?
Can you log in directly as a non-root user on the Slackware 13.37 machine?
Machine B (henceforth, laptop) seems unable to ssh into itself. This is my typical test, means everything else on the network can be turned off - if it doesn't work for itself, something is amiss. If "directly" means can I log in locally by the log-in command (not ssh) yes, if it means "can you ssh into laptop from the laptop", then no.
@Cedrik
Quote:
For X applications, you need to add the machine A's IP to xhost to access machine B applications
Sorry, forgot to mention a critical part, Xserver doesn't need to be even running for the same problem to occur. (ls -l ~/.Xauthority results in -rw-------). [I'll correct my original post].
@tronayne
Quote:
Are you using fixed-IP on these machines? If so, do you have entries in /etc/host of the form
Yes and no, Fixed IPs are handled by the dhcp server, but as a test, I did add the fixed IPs to laptop's hosts file, and lo, I could finally ssh into the main machine with laptop's user account, yet I can't go from main back to laptop, nor can laptop ssh into itself (unless of course, I use root)*. The IPs were always in the main's hosts file, and again, no change.
Quote:
Have you generated keys in the account(s) on the new machine (not copied from any other platform)?
Tried this, no change.
Quote:
For password-less connections you copy the id_rsa.pub to the other machine(s) you wish to allow to connect to this machine without a password, account by account, and copy the id_rsa.pub files to this machine from the other machine(s) so this machine can go that way without a password.
Tried this (before adjusting the hosts file - I will assume it might work - but as this is laptop, getting the password-forced connections part working, is currently more critical), and this does work, but only if I use a command prompt, x-based applications, such as konquoror, gftp, etc, result in the initial trouble.
For everything I've tried, I attempt first with wired IP, then wireless IP (just occurred to me I didn't mention this, sorry, will adjust OP) after adding the main's ip/name to laptops hosts file, user could finally get in. Main on the otherhand, even with the ip/name already present can't ssh in, unless I use ... is not working? :/
*I think I'm adding an unintentional complexity. It was working earlier (after I adjusted hosts file), seems to be when laptop changes from a wired to a wireless IP something breaks both coming and going? Hmm.
You can connect with root remotely, so it's not likely a TCP/IP problem;
Since you mention repartition, I have to ask: you actually can login locally? :-)
What's your Hostkey?
HostKey /etc/ssh/ssh_host_rsa_key
Just to make sure there's not something weird in your sshd config; can you just take a look there for some settings that may actually not be that logical?
By default sshd should losten on all devices; should not matter if they become available afterwards or not, but you can take a check: after the system is up and running to perform a /etc/rc.d/rc.sshd restart ; might be the bindings go awray, which they should not.
just a few pennies I thought I'd toss about.
Might be there's something showing up in your log files: /var/log/messages ; /var/log/syslog or maybe even /var/log/secure
it might point you to something that's going on.
Might be there's something showing up in your log files: /var/log/messages ; /var/log/syslog or maybe even /var/log/secure
it might point you to something that's going on.
/var/log/messages :
... User ... from [laptop1] not allowed because not listed in AllowedUsers
.. Failed password for invalid user...
Seems I didn't revert back to the stock config file. While I was stabbing away blindly, I in "/etc/hosts" adjusted what the machine name for the wireless IP was `Laptop1`, because I thought that that was what was breaking things - yet, AllowedUsers was indeed set, thereby breaking every single supposed new test after that. Reverting to the stock config, and readjusting the hosts file to what it should have been, the tests all worked.
Now, when I'm calm enough so I don't do dumb things again, I'll get to securing laptop.
Thank you all, for your patience & help.
Although, the blind stab into hosts, helped me see what I had forgotten to do .. so perhaps that helped .. sort of?
Last edited by WetFroggy; 02-01-2012 at 02:05 PM.
Reason: last thoughts
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.