Redhat Linux password fail on ssh
I am trying to ssh into my linux machine from my mac. If I am physically at the machine I can log in with my password just fine, but if I am sshing it refuses. I am getting: Permission denies (publickey,keyboard-interactive) I have previously been able to ssh in (last time was probably about a month ago) but all of a sudden I can't access it any more. I thought that it might be caused by some changes that I recently made to system-auth, but I restored everything to what I believe was the original format:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
But I still could not ssh in. I tried removing my password all together and that didn't seem to help either. It still asks and even entering an empty string (nothing) it still fails me out.
I checked the sshd_config, at the suggestion of an answer below, and that does not seem to be the issue.
PermitEmptyPasswords yes
PasswordAuthentication yes
UsePAM yes
ChallengeResponseAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /home/%u/.ssh/authorized_keys
I haven't actually looked into this file, before it was suggested, so I imagine most of it is probably still system defaults.
And I am still shut out through ssh.
Any advice?
If you're running Red Hat with Security Enchanced Linux enabled (SELinux), then you might be having a problem because SELinux is preventing sshd from reading $HOME/.ssh. To make SELinux happy, you have to do
root@sshd-server# restorecon -Rv ~/.ssh
To see if you're running with SELinux enabled use sestatus. Here's what it looks like if SELinux is enabled.
root@sshd-server# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
Note that you may also have to change the security context of the .ssh file. Use the -Z switch to the ls command like:
ls -laZ ~/.ssh
Which may report a security context like system_u:object_r:default_t:s0.
Then use the chcon command like:
chcon -R -v system_u:object_r:usr_t:s0 ~/.ssh/
Thanks to Massimo Ronca's post titled "Fixing SELinux and passwordless SSH authentication"[1] for the chcon tip.
1- https://massimoronca.it/2017/03/14/fixing-selinux-and-passwordless-ssh-authentication.html
Sounds like your ssh is configured to not allow password login (which is an encouraged security approach). There are two solutions: change the setting or setup keys on your mac machine.
To change the setting
- Edit your
sshd_configfile (/etc/ssh/sshd_config): - Find entry
PasswordAuthenticationand make sure it's set toyes(will likely benoor commented out) - Restart sshd:
service sshd restart - You can now connect with username/password
To setup keys
- Create a key pair on the machine you're connecting from
-
Store the public aspect on the remote server (under
~/.ssh/authorized_keys) - Configure
sshto connect using the key rather than a password - There's a good overview of this here: MacNugget/Using SSH Public Key Authentication
NOTE:
The easiest way to push your public key (setup keys option) is through ssh, so you may actually want to turn PasswordAuthentication on setup keys and then turn it off again once your key is setup.