A A A

Please consider registering
guest

Log In

Lost password?
Advanced Search:

— Forum Scope —



— Match —



— Forum Options —




Wildcard usage:
*  matches any number of characters    %  matches exactly one character

Minimum search word length is 4 characters - maximum search word length is 84 characters

Topic RSS
PAM_SUCCESS Keyboard-interactive (PAM) userauth failed[] while authenticating: Authentication failed
September 22, 2014
12:53 pm
Lo0oM
Admin
Forum Posts: 217
Member Since:
September 30, 2012
Offline

Hi

 

Description:

I have Solaris 10 x86 VM server and i can't ssh to it with any user except root. For root ssh works just fine. Other users got errors:

Access denied.

ssh debug (server side)

debug1: attempt 7 initial attempt 5 failures 7 initial failures 5
debug2: input_userauth_request: try method keyboard-interactive
debug1: keyboard-interactive devs
debug2: Starting PAM service sshd-kbdint for method keyboard-interactive
debug2: Calling pam_authenticate()
debug2: PAM echo off prompt: Password:
debug2: Nesting dispatch_run loop
debug1: got 1 responses
debug2: Nested dispatch_run loop exited
debug1: PAM conv function returns PAM_SUCCESS
Keyboard-interactive (PAM) userauth failed[9] while authenticating: Authentication failed
Failed keyboard-interactive for postgres from 10.1.1.2 port 58811 ssh2
Disconnecting: Too many authentication failures for postgres
debug1: Calling cleanup 0x8064fe7(0x80c42a0)
debug1: Calling cleanup 0x807e79a(0x0)
monitor debug1: child closed the communication pipe before user auth was finished
monitor debug1: Calling cleanup 0x807e79a(0x0)
monitor debug1: Calling cleanup 0x807e79a(0x0)

Here can be 2 reasons:

1. User blocked by ssh configuration. (/etc/ssh/sshd_conf).

2. User blocked by server policy. (usually /etc/user_attr if PAM was not reconfigured after installation).

 

Solution:

1. Add clear restrict permission to log in through ssh. (in my case user postgres).

# echo "AllowUsers root postgres" >> /etc/ssh/sshd_conf

 

2. check policy with command:

# login postgres

Password:
Roles can only be assumed by authorized users
Login incorrect

if you see output like above, that mean you need to reconfigure policy.

 

comment out line postgres in /etc/user_attr file like that:

cat /etc/user_attr
adm::::profiles=Log Management
lp::::profiles=Printer Management
#postgres::::type=role;profiles=Postgres Administration,All

Now all works.

 

Thank you.

 

 

Forum Timezone: UTC 0

Most Users Ever Online: 31

Currently Online:
4 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Member Stats:

Guest Posters: 0

Members: 0

Moderators: 0

Admins: 1

Forum Stats:

Groups: 3

Forums: 20

Topics: 214

Posts: 214

Newest Members: Lo0oM

Administrators: Lo0oM (217)