AIX Open Source

Local and LDAP users failing: password authentication failed

  • 1.  Local and LDAP users failing: password authentication failed

    Posted Fri September 22, 2023 10:38 AM

    I have an AIX 7.2 server that we use as a gold image server.  I was going through some CIS Benchmark settings dealing with the "Default" values and ended up losing access.  Luckily I have a user with an SSH key on the box so I was able to get back in.  I am having an issue trying to see what is causing my issue and was leaning towards the community for assistance.

    /etc/security/login.cfg

    default:
            sak_enabled = false
            logintimes =
            logindisable = 0
            logininterval = 0
            loginreenable = 0
            logindelay = 10
            herald = "\r\n NOTICE:\r\n\r\n Access to this computer system/network and the information on it is the\r\n property of The Huntington and is intended only for employees and other\r\n users properly authorized by The Huntington.  It is to be accessed only\r\n for  proper  business  purposes in accordance with Huntington Policies,\r\n Standards and Guidelines.   Unauthorized access or improper use of this\r\n system/network and the information on it will be cause for disciplinary\r\n action,   up to and including termination and may be a criminal offense\r\n resulting in criminal prosecution and/or civil liability.\r\n\r\nlogin: "

    */dev/console:
    *       synonym = /dev/tty0

    usw:
            auth_type = PAM_AUTH
            logintimeout = 30
            maxlogins = 32767
            mkhomeatlogin = true
            shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin/snappd,/usr/bin/bash,/bin/hnbdefaultshell,/usr/bin/hnbdefaultshell,/uv/bin/uv
            pwd_algorithm = ssha256
            unix_passwd_compat = true
            logindelay = 10

    Not sure what other data I need to provide. Here is the log output from an attempt by an LDAP and/or local user:

    LOCAL USER

    (utaecegdi7200.hban.us:/)#  cat /var/adm/syslog | grep ecetestuser
    Sep 22 10:30:09 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: userauth-request for user ecetestuser service ssh-connection method none [preauth]
    Sep 22 10:30:09 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: PAM: initializing for "ecetestuser"
    Sep 22 10:30:09 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: userauth-request for user ecetestuser service ssh-connection method keyboard-interactive [preauth]
    Sep 22 10:30:09 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: auth2_challenge: user=ecetestuser devs= [preauth]
    Sep 22 10:30:09 utaecegdi7200 auth|security:err|error sshd[12452152]: error: PAM: Authentication failed for ecetestuser from 10.176.12.209
    Sep 22 10:30:09 utaecegdi7200 auth|security:err|error sshd[12452152]: error: PAM: Authentication failed for ecetestuser from 10.176.12.209
    Sep 22 10:30:09 utaecegdi7200 auth|security:info sshd[12452152]: Failed keyboard-interactive/pam for ecetestuser from 10.176.12.209 port 33027 ssh2
    Sep 22 10:30:19 utaecegdi7200 auth|security:info syslog: ssh: failed login attempt for ecetestuser from 10.176.12.209
    Sep 22 10:30:19 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: audit event euid 0 user ecetestuser event 5 (SSH_failkbdint)
    Sep 22 10:30:19 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: userauth-request for user ecetestuser service ssh-connection method password [preauth]
    Sep 22 10:30:19 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: PAM: password authentication failed for ecetestuser: Authentication failed
    Sep 22 10:30:19 utaecegdi7200 auth|security:info sshd[12452152]: Failed password for ecetestuser from 10.176.12.209 port 33027 ssh2
    Sep 22 10:30:39 utaecegdi7200 auth|security:info syslog: ssh: failed login attempt for ecetestuser from 10.176.12.209
    Sep 22 10:30:39 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: audit event euid 0 user ecetestuser event 4 (SSH_failpasswd)
    Sep 22 10:30:39 utaecegdi7200 auth|security:info sshd[12452152]: Connection closed by authenticating user ecetestuser 10.176.12.209 port 33027 [preauth]
    Sep 22 10:30:39 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: audit event euid 0 user ecetestuser event 12 (SSH_connabndn)

    LDAP USER

    Sep 22 10:22:46 utaecegdi7200 auth|security:debug sshd[12583390]: debug1: audit event euid 0 user eceunix04uttap event 0 (SSH_exceedmtrix)
    Sep 22 10:22:46 utaecegdi7200 auth|security:debug sshd[12583390]: debug1: audit event euid 0 user eceunix04uttap event 12 (SSH_connabndn)
    Sep 22 10:24:24 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: userauth-request for user eceunix04uttap service ssh-connection method none [preauth]
    Sep 22 10:24:24 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: PAM: initializing for "eceunix04uttap"
    Sep 22 10:24:24 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: userauth-request for user eceunix04uttap service ssh-connection method keyboard-interactive [preauth]
    Sep 22 10:24:24 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: auth2_challenge: user=eceunix04uttap devs= [preauth]
    Sep 22 10:24:24 utaecegdi7200 auth|security:err|error sshd[13697306]: error: PAM: Authentication failed for eceunix04uttap from 10.176.12.209
    Sep 22 10:24:24 utaecegdi7200 auth|security:err|error sshd[13697306]: error: PAM: Authentication failed for eceunix04uttap from 10.176.12.209
    Sep 22 10:24:24 utaecegdi7200 auth|security:info sshd[13697306]: Failed keyboard-interactive/pam for eceunix04uttap from 10.176.12.209 port 33005 ssh2
    Sep 22 10:24:24 utaecegdi7200 auth|security:info syslog: ssh: failed login attempt for eceunix04uttap from 10.176.12.209
    Sep 22 10:24:24 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: audit event euid 0 user eceunix04uttap event 5 (SSH_failkbdint)
    Sep 22 10:24:25 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: userauth-request for user eceunix04uttap service ssh-connection method password [preauth]
    Sep 22 10:24:25 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: PAM: password authentication failed for eceunix04uttap: Authentication failed
    Sep 22 10:24:25 utaecegdi7200 auth|security:info sshd[13697306]: Failed password for eceunix04uttap from 10.176.12.209 port 33005 ssh2
    Sep 22 10:24:25 utaecegdi7200 auth|security:info syslog: ssh: failed login attempt for eceunix04uttap from 10.176.12.209
    Sep 22 10:24:25 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: audit event euid 0 user eceunix04uttap event 4 (SSH_failpasswd)
    Sep 22 10:24:26 utaecegdi7200 auth|security:info sshd[13697306]: Connection closed by authenticating user eceunix04uttap 10.176.12.209 port 33005 [preauth]
    Sep 22 10:24:26 utaecegdi7200 auth|security:debug sshd[13697306]: debug1: audit event euid 0 user eceunix04uttap event 12 (SSH_connabndn)

    ------------------------------
    Joshua Krause
    ------------------------------


  • 2.  RE: Local and LDAP users failing: password authentication failed

    IBM Champion
    Posted Fri September 22, 2023 11:22 AM
    This is likely the PAM configuration, though there is a remote chance that sshd isn't handing PAM the correct information...

    Can you send us the PAM config?

    -- 
    Stephen L. Ulmer
    Enterprise Architect
    Mainline Information Systems
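An added example, not code from either post: a small triage script over the data shown above. It parses the AIX stanza format used by /etc/security/login.cfg, parses the sshd syslog lines, groups each user's attempted auth methods, PAM reasons and audit events, and reports the login.cfg settings that bear on the reply's suggestion (auth_type = PAM_AUTH hands password checks to /etc/pam.conf; logindisable controls port lockout, not account lockout, which is loginretries in /etc/security/user). The embedded config and log samples are constructed, abbreviated copies of what was posted; the record field names and function names are my own.

```python
"""Triage helper for AIX sshd/PAM login failures (added example).

parse_stanzas()   - AIX stanza files such as /etc/security/login.cfg
triage()          - per-user view of sshd auth methods, PAM reasons, audit events
check_login_cfg() - settings in login.cfg that matter when every password login fails
"""
import re
from collections import defaultdict

# Constructed sample: abbreviated copy of the login.cfg from the post.
LOGIN_CFG = """\
default:
        sak_enabled = false
        logintimes =
        logindisable = 0
        logindelay = 10

*/dev/console:
*       synonym = /dev/tty0

usw:
        auth_type = PAM_AUTH
        logintimeout = 30
        pwd_algorithm = ssha256
        unix_passwd_compat = true
"""

# Constructed sample: sshd lines for the local user, copied from the post.
SAMPLE_LOG = """\
Sep 22 10:30:09 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: userauth-request for user ecetestuser service ssh-connection method none [preauth]
Sep 22 10:30:09 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: userauth-request for user ecetestuser service ssh-connection method keyboard-interactive [preauth]
Sep 22 10:30:09 utaecegdi7200 auth|security:err|error sshd[12452152]: error: PAM: Authentication failed for ecetestuser from 10.176.12.209
Sep 22 10:30:09 utaecegdi7200 auth|security:info sshd[12452152]: Failed keyboard-interactive/pam for ecetestuser from 10.176.12.209 port 33027 ssh2
Sep 22 10:30:19 utaecegdi7200 auth|security:info syslog: ssh: failed login attempt for ecetestuser from 10.176.12.209
Sep 22 10:30:19 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: audit event euid 0 user ecetestuser event 5 (SSH_failkbdint)
Sep 22 10:30:19 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: userauth-request for user ecetestuser service ssh-connection method password [preauth]
Sep 22 10:30:19 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: PAM: password authentication failed for ecetestuser: Authentication failed
Sep 22 10:30:19 utaecegdi7200 auth|security:info sshd[12452152]: Failed password for ecetestuser from 10.176.12.209 port 33027 ssh2
Sep 22 10:30:39 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: audit event euid 0 user ecetestuser event 4 (SSH_failpasswd)
Sep 22 10:30:39 utaecegdi7200 auth|security:debug sshd[12452152]: debug1: audit event euid 0 user ecetestuser event 12 (SSH_connabndn)
"""

STANZA_ATTR = re.compile(r"^\s+(\S+)\s*=\s*(.*)$")

def parse_stanzas(text):
    """AIX stanza format: 'name:' at column 0, indented 'attr = value' lines,
    '*' starts a comment line. Returns {stanza: {attr: value}}."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("*"):
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.strip()[:-1]
            stanzas[current] = {}
            continue
        m = STANZA_ATTR.match(line)
        if m and current is not None:
            stanzas[current][m.group(1)] = m.group(2).strip()
    return stanzas

# AIX syslog line: "Mon DD HH:MM:SS host facility|...:level prog[pid]: message"
SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<fac>\S+) "
                    r"(?P<prog>\w+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
METHOD = re.compile(r"userauth-request for user (\S+) service \S+ method (\S+)")
AUDIT = re.compile(r"audit event euid \d+ user (\S+) event \d+ \((\w+)\)")
PAM_FROM = re.compile(r"PAM: Authentication failed for (\S+) from (\S+)")
PAM_REASON = re.compile(r"PAM: password authentication failed for (\S+): (.*)")
FAILED = re.compile(r"Failed (\S+) for (\S+) from (\S+) port (\d+)")

def _record():
    return {"methods": [], "audit": [], "sources": set(), "pam_reasons": []}

def triage(log_text):
    """Group sshd authentication activity per user name (non-sshd lines are skipped)."""
    users = defaultdict(_record)
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m or m.group("prog") != "sshd":
            continue
        msg = m.group("msg")
        if (x := METHOD.search(msg)):
            users[x.group(1)]["methods"].append(x.group(2))
        elif (x := AUDIT.search(msg)):
            users[x.group(1)]["audit"].append(x.group(2))
        elif (x := PAM_FROM.search(msg)):
            users[x.group(1)]["sources"].add(x.group(2))
        elif (x := PAM_REASON.search(msg)):
            users[x.group(1)]["pam_reasons"].append(x.group(2))
        elif (x := FAILED.search(msg)):
            users[x.group(2)]["sources"].add(x.group(3))
    return dict(users)

def check_login_cfg(stanzas):
    """Findings from login.cfg that matter when every password login fails."""
    findings = []
    usw, default = stanzas.get("usw", {}), stanzas.get("default", {})
    auth_type = usw.get("auth_type", "STD_AUTH")  # AIX default when unset
    if auth_type == "PAM_AUTH":
        findings.append("auth_type=PAM_AUTH: password checks are decided by /etc/pam.conf, "
                        "so a missing or broken sshd/login stack there fails every user")
    else:
        findings.append(f"auth_type={auth_type}: classic AIX authentication in use")
    if default.get("logindisable", "0") == "0":
        findings.append("logindisable=0: no port lockout from login.cfg; account lockout, "
                        "if any, comes from loginretries in /etc/security/user")
    return findings

if __name__ == "__main__":
    for f in check_login_cfg(parse_stanzas(LOGIN_CFG)):
        print("login.cfg:", f)
    for user, rec in triage(SAMPLE_LOG).items():
        print(user, "methods:", rec["methods"], "audit:", rec["audit"],
              "sources:", sorted(rec["sources"]), "pam:", rec["pam_reasons"])
```

Run against the real files with `parse_stanzas(open("/etc/security/login.cfg").read())` and `triage(open("/var/adm/syslog").read())`; the per-user method sequence (none, keyboard-interactive, password) ending in SSH_failkbdint and SSH_failpasswd for both the local and the LDAP user is what points at a stack shared by all users rather than at either user store.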