
Thread: Unable to log in with one local account

  1. #1

    Unable to log in with one local account

    Leap 42.2

    I have a really odd issue. There is one user who can't log in. The account used to be able to log into the console and SSH, but neither works now.

    Logging into console: "Incorrect password, please try again"
    I reset the password via the root account several times with no effect.

    Logging in over SSH: "Received disconnect from x.x.x.x port 22:2: Too many authentication failures"
    I chased my tail on this one. I don't think it's a PKI problem because it actually gets to the password prompt, then fails after entering the password. (Output is below.)

    Other users with the exact same permissions can console and SSH like usual.

    I verified the account is not locked or disabled.

    I reset the pam tally

    I deleted the entire account and its home directory, and re-added it.

    Any other suggestions?

    Output from the failed SSH login attempt:

    Code:
    bobbyhood@XXX:~> ssh XXX@XXX -v
    OpenSSH_7.2p2, OpenSSL 1.0.2j-fips  26 Sep 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 25: Applying options for *
    debug1: Connecting to XXX [XXX.XXX.XXX.XXX] port 22.
    debug1: Connection established.
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_rsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
    debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to XXX:22 as 'XXX'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
    debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:XXX
    debug1: Host 'XXX' is known and matches the ECDSA host key.
    debug1: Found key in /home/bobbyhood/.ssh/known_hosts:24
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
                            ****USAGE WARNING****
    
    This is a private computer system. This computer system, including all
    related equipment, networks, and network devices (specifically including
    Internet access) are provided only for authorized use. This computer system
    may be monitored for all lawful purposes, including to ensure that its use
    is authorized, for management of the system, to facilitate protection against
    unauthorized access, and to verify security procedures, survivability, and
    operational security. Monitoring includes active attacks by authorized entities
    to test or verify the security of this system. During monitoring, information
    may be examined, recorded, copied and used for authorized purposes. All
    information, including personal information, placed or sent over this system
    may be monitored.
    
    Use of this computer system, authorized or unauthorized, constitutes consent
    to monitoring of this system. Unauthorized use may subject you to criminal
    prosecution. Evidence of unauthorized use collected during monitoring may be
    used for administrative, criminal, or other adverse action. Use of this system
    constitutes consent to monitoring for these purposes.
    
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/bobbyhood/.ssh/id_rsa
    debug1: Trying private key: /home/bobbyhood/.ssh/id_dsa
    debug1: Trying private key: /home/bobbyhood/.ssh/id_ecdsa
    debug1: Trying private key: /home/bobbyhood/.ssh/id_ed25519
    debug1: Next authentication method: keyboard-interactive
    Password:  
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Authentications that can continue: publickey,keyboard-interactive
    Received disconnect from XXX.XXX.XXX.XXX port 22:2: Too many authentication failures
    debug1: Authentication succeeded (keyboard-interactive).
    Authenticated to XXX ([XXX.XXX.XXX.XXX]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: pledge: network
    debug1: channel 0: free: client-session, nchannels 1
    Connection to XXX closed by remote host.
    Connection to XXX closed.
    Transferred: sent 1932, received 2824 bytes, in 0.0 seconds
    Bytes per second: sent 5635184.5, received 8236936.4
    debug1: Exit status -1
    bobbyhood@XXX:~> 

    Output from another account's successful login attempt:

    Code:
    bobbyhood@XXX:/> ssh XXX@XXX -v
    OpenSSH_7.2p2, OpenSSL 1.0.2j-fips  26 Sep 2016
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 25: Applying options for *
    debug1: Connecting to XXX [XXX.XXX.XXX.XXX] port 22.
    debug1: Connection established.
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_rsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_rsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_dsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_dsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_ecdsa type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_ecdsa-cert type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_ed25519 type -1
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/bobbyhood/.ssh/id_ed25519-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_7.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
    debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x04000000
    debug1: Authenticating to XXX:22 as 'XXX'
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256@libssh.org
    debug1: kex: host key algorithm: ecdsa-sha2-nistp256
    debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
    debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
    debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ecdsa-sha2-nistp256 SHA256:nKdZX8975JkliEtbbrGfZi+AZLXJnoYjQ1uGNe4MEmo
    debug1: Host 'XXX' is known and matches the ECDSA host key.
    debug1: Found key in /home/bobbyhood/.ssh/known_hosts:24
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: rekey after 134217728 blocks
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
                            ****USAGE WARNING****
    
    This is a private computer system. This computer system, including all
    related equipment, networks, and network devices (specifically including
    Internet access) are provided only for authorized use. This computer system
    may be monitored for all lawful purposes, including to ensure that its use
    is authorized, for management of the system, to facilitate protection against
    unauthorized access, and to verify security procedures, survivability, and
    operational security. Monitoring includes active attacks by authorized entities
    to test or verify the security of this system. During monitoring, information
    may be examined, recorded, copied and used for authorized purposes. All
    information, including personal information, placed or sent over this system
    may be monitored.
    
    Use of this computer system, authorized or unauthorized, constitutes consent
    to monitoring of this system. Unauthorized use may subject you to criminal
    prosecution. Evidence of unauthorized use collected during monitoring may be
    used for administrative, criminal, or other adverse action. Use of this system
    constitutes consent to monitoring for these purposes.
    
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/bobbyhood/.ssh/id_rsa
    debug1: Trying private key: /home/bobbyhood/.ssh/id_dsa
    debug1: Trying private key: /home/bobbyhood/.ssh/id_ecdsa
    debug1: Trying private key: /home/bobbyhood/.ssh/id_ed25519
    debug1: Next authentication method: keyboard-interactive
    Password:  
    debug1: Authentication succeeded (keyboard-interactive).
    Authenticated to XXX ([XXX.XXX.XXX.XXX]:22).
    debug1: channel 0: new [client-session]
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug1: pledge: network
    debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
    debug1: Sending environment.
    Last login: Tue Apr  3 15:11:41 2018 from 192.168.240.200
    Have a lot of fun...
    XXX@XXX:~>
    

  2. #2
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    20,926
    Blog Entries
    14

    Re: Unable to log in with one local account

    Try deleting the keys for that user, then recreate them. Can't think of any other solution.

    Another thing: you're running 42.2, which is out of maintenance and support. Consider upgrading to 42.3; this is apart from your current issues.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  3. #3

    Re: Unable to log in with one local account

    Upgrading is on the to-do list.

    I just discovered the same thing happens to all new users I create.

  4. #4
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    30,474

    Re: Unable to log in with one local account

    As you say that that user can not log in from the local console, we can rule out any connection with SSH IMHO (SSH only shows what you already knew, the user can not log in because the password does not seem to be alright).

    You say it happens with all newly created users. The obvious question is then: how do you create them?

    Also showing the entry in /etc/passwd of such a user may show something.
    Henk van Velden

  5. #5

    Re: Unable to log in with one local account

    Using YaST to create them and add to sudo. This is the passwd entry of the user that could log in but can't now (of course I have deleted and re-added it):

    Code:
    webadmin:x:1001:100:Web Admin:/home/webadmin:/bin/bash


    Here's a new test user with the same issue:

    Code:
    testuser:x:1002:100:testuser:/home/testuser:/bin/bash

    Edit: Using the YaST GUI while logged in to console as root

  6. #6
    Join Date
    Oct 2008
    Location
    Glasgow, Scotland
    Posts
    1,277

    Re: Unable to log in with one local account

    Originally posted by bobbyhood:
    > Upgrading is on the to-do list.
    >
    > I just discovered the same thing happens to all new users I create.

    First thoughts
    Are the numerical UserID out of range for a login account? Do new users have a default shell specified?
    --
    slàinte mhath,
    rayH

    ~ knowing the right answer is easier than knowing the right question.

  7. #7

    Re: Unable to log in with one local account

    Originally posted by eng-int:
    > First thoughts
    > Are the numerical UserID out of range for a login account? Do new users have a default shell specified?

    A default shell (/bin/bash) is specified and it's using the UID range starting at 1000.

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    30,474

    Re: Unable to log in with one local account

    Originally posted by bobbyhood:
    > A default shell (/bin/bash) is specified and it's using the UID range starting at 1000.

    as you show in the /etc/passwd entries. I do not see any peculiarities there. But we have to try everything for this strange problem I am afraid.

    BTW, what do you mean by "add to sudo"?

    Another thought: can you post
    Code:
    ls -ld /etc/shadow
    to see if the ownership permissions are correct? (But I doubt this is it, because some users seem to be OK).
    Henk van Velden

  9. #9

    Re: Unable to log in with one local account

    Originally posted by hcvv:
    > as you show in the /etc/passwd entries. I do not see any peculiarities there. But we have to try everything for this strange problem I am afraid.
    >
    > BTW, what do you mean by "add to sudo"?
    >
    > Another thought: can you post
    > Code:
    > ls -ld /etc/shadow
    > to see if the ownership permissions are correct? (But I doubt this is it, because some users seem to be OK).

    I mean I make the user a sudoer through YaST as well, but that doesn't seem to matter anyway.

    Code:
    -rw-r----- 1 root shadow 1123 Apr  4 14:02 /etc/shadow

  10. #10
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,906
    Blog Entries
    3

    Re: Unable to log in with one local account

    As root, try the commands:

    Code:
    getent passwd user
    getent shadow user
    where you replace "user" by the appropriate value. The first of those two commands doesn't actually need root.

    Assuming one of these fails, it will tell you which database is messed up. Sometimes what might look like a trivial error, such as a missing ":" or an extra ":" can cause problems.
    openSUSE Leap 15.4 Beta; KDE Plasma 5.24.4;
    testing Tumbleweed.
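
Added example, not part of the thread or of any poster's reply: a shell sketch of the check suggested in post #10, run against copies of the two files so that a missing or extra ":" shows up as a wrong field count. The function names and the sample records are constructed for illustration (the two well-formed passwd lines are the ones posted in #5); passwd(5) records have 7 colon-separated fields and shadow(5) records have 9.

```sh
#!/bin/sh
# Print "ok", "missing" or "fields=N" for USER's record in FILE.
record_status() {   # record_status FILE USER EXPECTED_FIELDS
    awk -F: -v u="$2" -v want="$3" '
        $1 == u { found = 1; print (NF == want ? "ok" : "fields=" NF); exit }
        END     { if (!found) print "missing" }
    ' "$1"
}

# Classify USER's shadow password field: "empty", "locked", "hash" or "none".
shadow_state() {    # shadow_state FILE USER
    awk -F: -v u="$2" '
        $1 == u { found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"   # cannot match any password
            else                   print "hash"
            exit }
        END { if (!found) print "none" }
    ' "$1"
}

# Report both databases; succeed only if both records are well-formed.
check_account() {   # check_account USER [PASSWD_FILE] [SHADOW_FILE]
    p=$(record_status "${2:-/etc/passwd}" "$1" 7)   # passwd(5): 7 fields
    s=$(record_status "${3:-/etc/shadow}" "$1" 9)   # shadow(5): 9 fields
    w=$(shadow_state "${3:-/etc/shadow}" "$1")
    echo "$1: passwd=$p shadow=$s password=$w"
    [ "$p" = ok ] && [ "$s" = ok ]
}

# Constructed sample data: only the first two passwd lines come from the thread.
make_sample() {     # make_sample DIR
    cat > "$1/passwd" <<'EOF'
webadmin:x:1001:100:Web Admin:/home/webadmin:/bin/bash
testuser:x:1002:100:testuser:/home/testuser:/bin/bash
nocolon:x:1003:100:nocolon/home/nocolon:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
webadmin:$6$SALT$CONSTRUCTEDHASH:17625:0:99999:7:::
testuser:!$6$SALT$CONSTRUCTEDHASH:17625:0:99999:7::::
EOF
}

d=$(mktemp -d) && make_sample "$d"
for u in webadmin testuser nocolon; do
    check_account "$u" "$d/passwd" "$d/shadow" || echo "  -> $u has a damaged or missing record"
done
rm -rf "$d"
```

On a live system `getent` stays the first check because it resolves through NSS rather than reading the files; pointing `check_account` at the real `/etc/shadow` needs root.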
