Operating System: openSUSE MicroOS 20230626
KDE Plasma Version: 5.27.6
KDE Frameworks Version: 5.107.0
Qt Version: 5.15.10
Kernel Version: 6.3.9-1-default (64-bit)
Graphics Platform: X11
Processors: 8 × Intel® Core™ i7-6700K CPU @ 4.00GHz
Memory: 31.0 GiB of RAM
Graphics Processor: Mesa Intel® HD Graphics 530
sshd reports trouble with shadow information:
linux:~ # systemctl status sshd
● sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
Active: active (running) since Wed 2023-06-28 04:22:25 UTC; 7min ago
Process: 933 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Process: 939 ExecStartPre=/usr/sbin/sshd -t $SSHD_OPTS (code=exited, status=0/SUCCESS)
Main PID: 943 (sshd)
Tasks: 1
CPU: 116ms
CGroup: /system.slice/sshd.service
└─943 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Jun 28 04:22:25 localhost sshd-gen-keys-start[933]: Checking for missing server keys in /etc/ssh
Jun 28 04:22:25 localhost sshd[943]: Server listening on 0.0.0.0 port 22.
Jun 28 04:22:25 localhost sshd[943]: Server listening on :: port 22.
Jun 28 04:22:25 localhost systemd[1]: Started OpenSSH Daemon.
Jun 28 04:23:09 linux.fritz.box sshd[1851]: error: Could not get shadow information for karl
Jun 28 04:23:09 linux.fritz.box sshd[1851]: Failed password for karl from 2001:a62:1972:6f01:aa03:aa6d:58f:69c5 port 47564 ssh2
Jun 28 04:23:15 linux.fritz.box sshd[1851]: Connection closed by authenticating user karl 2001:a62:1972:6f01:aa03:aa6d:58f:69c5 port 47564 [preauth]
Jun 28 04:24:49 linux.fritz.box sshd[1871]: error: Could not get shadow information for root
Jun 28 04:24:50 linux.fritz.box sshd[1871]: Failed password for root from 2001:a62:1972:6f01:aa03:aa6d:58f:69c5 port 35148 ssh2
Jun 28 04:26:45 linux.fritz.box sshd[1871]: fatal: Timeout before authentication for 2001:a62:1972:6f01:aa03:aa6d:58f:69c5 port 35148
linux:~ #
So, your setting regarding UsePAM is from a properly maintained host.
As the use of “UsePAM no” can lead to the error messages that Karl sees, he should check whether he has a proper maintenance and settings strategy for his infamous hosts.
@hui yes, never touched the configs… bert & kermit are self installs with combustion, fozzie-bear and ernie are ISO image installs of Aeon, all bare-metal, not VMs… Now, these are not new installs…
Upon restarting sshd on MicroOS I got the errors shown in post #1. After appending the line UsePAM yes to /etc/ssh/sshd_config and restarting sshd, the trouble was gone.
The default configuration of ssh has worked properly for a decade on infamous host erlangen and its numerous siblings. It’s broken on MicroOS. Tinkering required!
Good. So the problem is solved for you, isn’t it?
It does not explain why sshd fails to access /etc/shadow.
For the sake of the archives - MicroOS defaults to SELinux in targeted enforcing mode. When UsePAM is enabled, the pam_unix module calls the unix_chkpwd binary, which is allowed to read /etc/shadow. Without PAM, sshd tries to read this file directly, which is prohibited by SELinux for its (sshd systemd service process) context.
If you start sshd within your root login session, which has an unconfined SELinux context, authentication succeeds.
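To check the explanation above on a given host, the sshd "shadow information" errors can be matched by PID against SELinux AVC denials. This is an added example, not part of the original thread: the log lines are constructed, and the type names sshd_t and shadow_t are assumed from the standard targeted policy.

```shell
#!/usr/bin/env bash
# Added example: correlate sshd shadow errors with SELinux AVC denials by PID.
# SAMPLE_LOG is constructed: the sshd lines follow the format shown in post #1,
# the AVC records follow the usual audit.log layout. sshd_t and shadow_t are
# assumed type names; example_t is a made-up domain used as a negative case.
SAMPLE_LOG='Jun 28 04:23:09 linux sshd[1851]: error: Could not get shadow information for karl
type=AVC msg=audit(1687926189.101:412): avc:  denied  { read } for  pid=1851 comm="sshd" name="shadow" dev="sda2" ino=4242 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
Jun 28 04:24:49 linux sshd[1871]: error: Could not get shadow information for root
type=AVC msg=audit(1687926300.500:430): avc:  denied  { getattr } for  pid=2001 comm="example" name="shadow" dev="sda2" ino=4242 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0'

# Reads mixed journal/audit lines on stdin and prints one line per sshd PID
# that logged the shadow error, stating whether an AVC denial for a process
# in sshd_t on a shadow_t file with the same PID is present in the input.
correlate_shadow_errors() {
  awk '
    # sshd error line: remember the user, keyed by the PID inside "sshd[PID]:"
    /sshd\[[0-9]+\]: error: Could not get shadow information for / {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^sshd\[[0-9]+\]:$/) { pid = $i; gsub(/[^0-9]/, "", pid) }
      user[pid] = $NF
      if (!(pid in seen)) { order[++n] = pid; seen[pid] = 1 }
      next
    }
    # AVC denial: source domain sshd_t, target type shadow_t, object class file
    /^type=AVC / && / denied / && /scontext=[^ ]*:sshd_t:/ && /tcontext=[^ ]*:shadow_t:/ && /tclass=file/ {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^pid=[0-9]+$/) { p = $i; sub(/^pid=/, "", p); denied[p] = 1 }
    }
    END {
      # Report in order of first appearance; AVC records may precede or follow
      for (k = 1; k <= n; k++) {
        pid = order[k]
        printf "pid=%s user=%s selinux_denial=%s\n", pid, user[pid], ((pid in denied) ? "yes" : "no")
      }
    }'
}

printf '%s\n' "$SAMPLE_LOG" | correlate_shadow_errors
```

A `selinux_denial=no` result only means that no matching AVC record was in the input that was fed to the function.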
Of course. If you do not understand it, it must be someone else’s fault, what else can it be.