Can't login with password, PAM/SSH fail

skrat · 2013-06-10 14:01:13

Hi, I have freshly installed server, on Linode, I used arch 2012.10 template. Then I tried to upgrade `pacman -Syu` but there was issue with existing /bin etc., infamous filesystem package upgrade. I worked around by using ARM, first upgrading to 2013.01 then to 2013.03 and finally using latest repo. Before I did the upgrade, I copied my ssh key to the server and from there on I pubkey authentication to login. Later on I realized I need to login from various locations and I need to have password authentication as well. But that doesn't work. I use default PAM (/etc/pam.d) and SSH (/etc/ssh/sshd_config) configuration. This is what I get at LogLevel DEBUG3:

Jun 10 13:57:08 svali sshd[17069]: debug3: mm_request_receive entering [preauth]
Jun 10 13:57:08 svali sshd[17069]: debug3: mm_request_receive entering
Jun 10 13:57:08 svali sshd[17069]: debug3: monitor_read: checking request 12
Jun 10 13:57:08 svali sshd[17069]: debug3: PAM: sshpam_passwd_conv called with 1 messages
Jun 10 13:57:11 svali sshd[17069]: debug1: PAM: password authentication failed for skrat: Authentication failure
Jun 10 13:57:11 svali sshd[17069]: debug3: mm_answer_authpassword: sending result 0
Jun 10 13:57:11 svali sshd[17069]: debug3: mm_request_send entering: type 13
Jun 10 13:57:11 svali sshd[17069]: Failed password for skrat from 188.167.200.112 port 43520 ssh2
Jun 10 13:57:11 svali sshd[17069]: debug3: mm_auth_password: user not authenticated [preauth]
Jun 10 13:57:11 svali sshd[17069]: debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]

I'm absolutely clueless. I checked the password with `passwd` utility, it's all correct. What else can I do?

ewaller · 2013-06-10 16:52:03

I am a little out of me league here, but are there any pam messages in the journal as to why it failed?

Can you su to skrat after making a pubkey connection/login?

skrat · 2013-06-11 06:58:43

Yes I can su to that account. There are no messages under pam unit, pam alone doesn't seem to be logging. It could though, at least which module return a failure during authentication.

skrat · 2013-06-11 08:27:56

I thought that perhaps some configuration incompatibility occurred during the upgrade, but this doesn't seem to be the case

~ » find /etc -name "*.pacnew"
/etc/group.pacnew
/etc/pacman.d/mirrorlist.pacnew
find: `/etc/sudoers.d': Permission denied
/etc/gshadow.pacnew
/etc/passwd.pacnew
/etc/fstab.pacnew
/etc/shadow.pacnew
/etc/locale.gen.pacnew

skrat · 2013-06-13 20:43:44

When I set

UsePAM no

then it works. How can I debug PAM then? I swear I have the default PAM configuration, what could be wrong?

samos123 · 2013-08-10 08:14:04

I can only confirm that I have the same issue setting UsePAM no would enable password based authentication. Will try if I can find out some more.

capleton · 2013-08-12 17:51:53

Are you using ZSH by any chance?

skrat · 2013-08-13 09:08:53

Yes I am, on both ends.

samos123 · 2013-08-13 09:33:58

Just to confirm me too on both ends.

capleton · 2013-08-14 00:54:16

See this

and this

Looks like changing the remote login shell to BASH is the workaround for now.

Arch Linux

#1 2013-06-10 14:01:13

Can't login with password, PAM/SSH fail

#2 2013-06-10 16:52:03

Re: Can't login with password, PAM/SSH fail

#3 2013-06-11 06:58:43

Re: Can't login with password, PAM/SSH fail

#4 2013-06-11 08:27:56

Re: Can't login with password, PAM/SSH fail

#5 2013-06-13 20:43:44

Re: Can't login with password, PAM/SSH fail

#6 2013-08-10 08:14:04

Re: Can't login with password, PAM/SSH fail

#7 2013-08-12 17:51:53

Re: Can't login with password, PAM/SSH fail

#8 2013-08-13 09:08:53

Re: Can't login with password, PAM/SSH fail

#9 2013-08-13 09:33:58

Re: Can't login with password, PAM/SSH fail

#10 2013-08-14 00:54:16

Re: Can't login with password, PAM/SSH fail

Board footer