#1 2016-10-11 23:03:32

milogert
Member
Registered: 2016-02-10
Posts: 12

Cannot SSH in with what looks like a PAM failure

I am having issues ssh'ing into my remote machine. It prompts for a password or key passphrase and then immediately closes the connection:

~ > ssh 192.168.0.51
Enter passphrase for key '/home/milo/.ssh/id_rsa': 
Connection to 192.168.0.51 closed by remote host.
Connection to 192.168.0.51 closed.

journalctl logs from right after that command:

-- Logs begin at Mon 2016-05-23 03:27:43 CDT, end at Tue 2016-10-11 17:57:24 CDT. --
Oct 11 17:56:28 pig sonarr[509]: [Info] RssSyncService: Starting RSS Sync
Oct 11 17:56:31 pig sonarr[509]: [Info] DownloadDecisionMaker: Processing 100 releases
Oct 11 17:56:32 pig sonarr[509]: [Info] RssSyncService: RSS Sync Completed. Reports found: 100, Reports grabbed: 0
Oct 11 17:57:18 pig systemd[1]: Started OpenSSH Per-Connection Daemon (192.168.0.50:34214).
Oct 11 17:57:18 pig sshd[2169]: Connection from 192.168.0.50 port 34214 on 192.168.0.51 port 22
Oct 11 17:57:18 pig sshd[2169]: Postponed publickey for milo from 192.168.0.50 port 34214 ssh2 [preauth]
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): conversation failed
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): auth could not identify password for [milo]
Oct 11 17:57:24 pig sshd[2169]: Failed publickey for milo from 192.168.0.50 port 34214 ssh2: RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
Oct 11 17:57:24 pig sshd[2169]: fatal: Access denied for user milo by PAM account configuration [preauth]

You will notice there is some pam junk in there. As a side issue (but less annoying) I have to enter my password twice on console login.

sshd_config (yes, it's messy):

#	$OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
X11UseLocalhost no
#PermitTTY yes
PermitRootLogin no
PrintMotd no # pam does that
LogLevel VERBOSE
PermitEmptyPasswords no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

Things I have tried so far:

  • reinstalling pambase

  • reinstalling pam

  • resetting my /etc/shadow passwords (deleting all the passwords and just recreating them)

  • turning it off and on again

I have another machine on the same network (where I am sshing from) and the pam directory seems to be pretty much the same (barring any extra programs my problem machine might have).

Any hints on this to point me in the right direction?

Let me know if you need any other files from me. I am happy to provide them in exchange for a server I can remote into normally.

Offline

#2 2016-10-12 11:38:44

okubax
Member
From: Kent, UK.
Registered: 2010-04-24
Posts: 210
Website

Re: Cannot SSH in with what looks like a PAM failure

What's the output of

ssh -vvv 192.168.0.51

Offline

#3 2016-10-12 22:01:18

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

~ > ssh 192.168.0.51 -vvv
OpenSSH_7.3p1, OpenSSL 1.0.2j  26 Sep 2016
debug1: Reading configuration data /home/milo/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "192.168.0.51" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.0.51 [192.168.0.51] port 22.
debug1: Connection established.
debug1: identity file /home/milo/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/milo/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/milo/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/milo/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/milo/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/milo/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/milo/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/milo/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.3
debug1: match: OpenSSH_7.3 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.0.51:22 as 'milo'
debug3: hostkeys_foreach: reading file "/home/milo/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/milo/.ssh/known_hosts:14
debug3: load_hostkeys: loaded 1 keys from 192.168.0.51
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:U0xYzdoEcDPQfGdD/MU809JO2JH38VveiPm/PYrah2A
debug3: hostkeys_foreach: reading file "/home/milo/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/milo/.ssh/known_hosts:14
debug3: load_hostkeys: loaded 1 keys from 192.168.0.51
debug1: Host '192.168.0.51' is known and matches the ECDSA host key.
debug1: Found key in /home/milo/.ssh/known_hosts:14
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /home/milo/.ssh/id_rsa (0x5572bd0246c0)
debug2: key: /home/milo/.ssh/id_dsa ((nil))
debug2: key: /home/milo/.ssh/id_ecdsa ((nil))
debug2: key: /home/milo/.ssh/id_ed25519 ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/milo/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
debug3: sign_and_send_pubkey: RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
Enter passphrase for key '/home/milo/.ssh/id_rsa': 
debug3: send packet: type 50
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.0.51 ([192.168.0.51]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cc -1)

Connection to 192.168.0.51 closed by remote host.
Connection to 192.168.0.51 closed.
Transferred: sent 2684, received 1792 bytes, in 0.0 seconds
Bytes per second: sent 37776885.7, received 25222123.4
debug1: Exit status -1

Offline

#4 2016-10-13 04:23:31

alanchen
Member
Registered: 2016-10-13
Posts: 4

Re: Cannot SSH in with what looks like a PAM failure

Having exactly the same problem. Error log looks very similar.

Everything worked fine until I woke up today. Suddenly I cannot ssh into my machine, and console required me to enter password twice. (How weird!)

No configuration changed, no pacman -Syu.

It just happened for no reason.

Last edited by alanchen (2016-10-13 04:25:09)

Offline

#5 2016-10-13 12:27:52

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Cannot SSH in with what looks like a PAM failure

I would check the configuration on the machine you are trying to log into. Things like shell configuration come to mind.

This seems to imply the authentication went well but for some reason the connection was closed by the remote site.

Connection to 192.168.0.51 closed by remote host.
Connection to 192.168.0.51 closed.

Also, if this is a problem after an update, try to downgrade the updated packages and update one by one (or as few packages as possible) until you catch the culprit.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#6 2016-10-13 13:08:36

ijanos
Member
From: Budapest, Hungary
Registered: 2008-03-30
Posts: 443

Re: Cannot SSH in with what looks like a PAM failure

Are you using gnome? Does this command solve the problem?

export SSH_AUTH_SOCK=/run/user/1000/keyring/ssh

Then I think it is this bug hitting again: https://bugs.archlinux.org/task/44583

Offline

#7 2016-10-13 21:37:39

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

R00KIE wrote:

I would check the configuration on the machine you are trying to log into. Things like shell configuration come to mind.

This seems to imply the authentication went well but for some reason the connection was closed by the remote site.

Connection to 192.168.0.51 closed by remote host.
Connection to 192.168.0.51 closed.

Also, if this is a problem after an update, try to downgrade the updated packages and update one by one (or as few packages as possible) until you catch the culprit.

Do you have any suggestions for the shell configuration? I am using zsh with a working config on several other machines and I tried to create a second user with just the default bash shell and config. Same results.

Like @alachen, I just woke up and it was like this, so I don't suspect it's an upgrade thing.

Offline

#8 2016-10-13 21:38:32

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

ijanos wrote:

Are you using gnome? Does this command solve the problem?

export SSH_AUTH_SOCK=/run/user/1000/keyring/ssh

Then I think it is this bug hitting again: https://bugs.archlinux.org/task/44583

I am not using Gnome but I gave that a shot anyways. Didn't change anything though.

Offline

#9 2016-10-14 01:35:44

alanchen
Member
Registered: 2016-10-13
Posts: 4

Re: Cannot SSH in with what looks like a PAM failure

milogert wrote:
R00KIE wrote:

I would check the configuration on the machine you are trying to log into. Things like shell configuration come to mind.

This seems to imply the authentication went well but for some reason the connection was closed by the remote site.

Connection to 192.168.0.51 closed by remote host.
Connection to 192.168.0.51 closed.

Also, if this is a problem after an update, try to downgrade the updated packages and update one by one (or as few packages as possible) until you catch the culprit.

Do you have any suggestions for the shell configuration? I am using zsh with a working config on several other machines and I tried to create a second user with just the default bash shell and config. Same results.

Like @alachen, I just woke up and it was like this, so I don't suspect it's an upgrade thing.

should be @alanchen :)

Not using gnome either.

My local machine uses zsh too, with basically the default oh-my-zsh configuration.

The only change I can think of is the date...

Last edited by alanchen (2016-10-14 01:36:19)

Offline

#10 2016-10-14 12:54:07

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Cannot SSH in with what looks like a PAM failure

If it doesn't work with a new user and a clean shell configuration then I guess we can rule out something in the files that get sourced/executed when you login, but do check if you might have something configured system wide on that particular machine that might be causing trouble. Still regarding shells, you could try with a new user and use bash instead of zsh, just to make sure it is not something zsh related.

Now that you mention date, I don't know if ssh/pam might close the connection if the dates are too far apart, just make sure you are running an ntp client on all machines to make sure the time is correct on all of them.

I mentioned updates because you might have updated the machine, continued using it, then shut it down, and when you use it the next time the new programs/libraries will be used and things will look broken without an apparent reason.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#11 2016-10-14 20:32:21

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

R00KIE wrote:

If it doesn't work with a new user and a clean shell configuration then I guess we can rule out something in the files that get sourced/executed when you login, but do check if you might have something configured system wide on that particular machine that might be causing trouble. Still regarding shells, you could try with a new user and use bash instead of zsh, just to make sure it is not something zsh related.

New user with bash didn't work, so I think shell config is for sure out as the culprit. Additionally I have the same zsh config running on three machines (problem one, daily driver, and my work computer) so I think that's fine.

R00KIE wrote:

Now that you mention date, I don't know if ssh/pam might close the connection if the dates are too far apart, just make sure you are running an ntp client on all machines to make sure the time is correct on all of them.

I mentioned updates because you might have updated the machine, continued using it, then shut it down, and when you use it the next time the new programs/libraries will be used and things will look broken without an apparent reason.

Now this is a path I have not followed yet! I will look into it this weekend. When you say "too far apart" you mean milliseconds or seconds, right? The dates are the same, but I am not sure about the times. They have to be close but I never really check.

Now that you mention it though, I did notice a discrepancy between the log times above and the time that I was trying to ssh into the machine from. I was trying to time journalctl to pare down the logs and the times were always around a minute off. Maybe I am misremembering though.

Like I said: I will post again this weekend, hopefully with some good news! Thanks again for the help, whether or not it solves it!

EDIT: is there a place I can read about the time leeway for network applications like that? Seems like a really hard-to-diagnose problem.

Last edited by milogert (2016-10-14 20:34:49)

Offline

#12 2016-10-15 01:00:51

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Cannot SSH in with what looks like a PAM failure

Now that I think about it I guess ssh doesn't care about big time differences. I have a couple of ARM boards which always start with large time differences and I can always ssh in so that should not be the problem. It did cross my mind because dnssec cares about that.

Regarding information about how much leeway you have for network applications: as far as I know, there is no central point where you can find that information, and even scattered around it may not be that easy to find without digging into the standards. The usual fix is always "run an ntp client to keep time in sync".


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#13 2016-10-15 02:26:11

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Cannot SSH in with what looks like a PAM failure

Hmm, quite puzzling. I can not reproduce this issue in my setup, by connecting to an up-to-date VM from a host, last updated 10 days ago... These entries trouble me:

Oct 11 17:57:18 pig sshd[2169]: Postponed publickey for milo from 192.168.0.50 port 34214 ssh2 [preauth]
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): conversation failed
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): auth could not identify password for [milo]
Oct 11 17:57:24 pig sshd[2169]: Failed publickey for milo from 192.168.0.50 port 34214 ssh2: RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
Oct 11 17:57:24 pig sshd[2169]: fatal: Access denied for user milo by PAM account configuration [preauth]

Although the client says that publickey auth succeeded. So, my suggestion would be
1. Use default /etc/ssh/sshd_config server-side, and default /etc/ssh/ssh_config and empty ~/.ssh/config on the client;
2. Do not run systemd socket activated sshd, but the plain sshd.service;
3. Disable/stop sshd.service and sshd.socket, and run "sshd -ddd" in a screen/tmux (to capture messages to stdout) instance on the server...


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline
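
Added example, not part of any post in this thread: the journal entries quoted in post #13 show a key that sshd found acceptable ("Postponed publickey") followed by a denial from the PAM account stack, which sshd runs even for public-key logins when UsePAM is yes. This Python sketch groups sshd journal lines by PID and separates that case from an ordinary authentication failure; the sessions for PIDs 9001 and 9002 and all function and field names are constructed for illustration.

```python
import re

# The first seven lines are the journal excerpt quoted in the thread; the
# sessions for PIDs 9001 and 9002 are constructed here for contrast.
SAMPLE_JOURNAL = """\
Oct 11 17:57:18 pig systemd[1]: Started OpenSSH Per-Connection Daemon (192.168.0.50:34214).
Oct 11 17:57:18 pig sshd[2169]: Connection from 192.168.0.50 port 34214 on 192.168.0.51 port 22
Oct 11 17:57:18 pig sshd[2169]: Postponed publickey for milo from 192.168.0.50 port 34214 ssh2 [preauth]
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): conversation failed
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): auth could not identify password for [milo]
Oct 11 17:57:24 pig sshd[2169]: Failed publickey for milo from 192.168.0.50 port 34214 ssh2: RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
Oct 11 17:57:24 pig sshd[2169]: fatal: Access denied for user milo by PAM account configuration [preauth]
Oct 11 18:02:02 pig sshd[9001]: Connection from 192.0.2.7 port 50000 on 192.168.0.51 port 22
Oct 11 18:02:02 pig sshd[9001]: Postponed publickey for milo from 192.0.2.7 port 50000 ssh2 [preauth]
Oct 11 18:02:05 pig sshd[9001]: Accepted publickey for milo from 192.0.2.7 port 50000 ssh2: RSA SHA256:CONSTRUCTED-FINGERPRINT
Oct 11 18:03:10 pig sshd[9002]: Connection from 192.0.2.8 port 50001 on 192.168.0.51 port 22
Oct 11 18:03:11 pig sshd[9002]: Failed password for milo from 192.0.2.8 port 50001 ssh2
"""

# Classic syslog-style prefix as printed by journalctl: "Mon DD HH:MM:SS host sshd[pid]: msg"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\ssshd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
# PAM modules log as "module(service:phase): text"
PAM = re.compile(r"^(?P<module>pam_\w+)\((?P<service>[^:)]+):(?P<phase>\w+)\):\s")
AUTH = re.compile(
    r"^(?P<result>Postponed|Accepted|Failed)\s(?P<method>\S+)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<src>\S+)"
)
PAM_DENY = re.compile(r"^fatal: Access denied for user \S+ by PAM account configuration")


def classify_sessions(journal_text):
    """Group sshd lines by PID and return {pid: summary} with a verdict each."""
    sessions = {}
    for raw in journal_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # other daemons (systemd, sonarr, ...) are ignored
        pid, msg = int(line["pid"]), line["msg"]
        s = sessions.setdefault(pid, {
            "user": None, "source": None, "method": None, "events": [],
            "pam_service": None, "pam_account_modules": [], "denied": False,
        })
        auth = AUTH.match(msg)
        pam = PAM.match(msg)
        if auth:
            s["events"].append(auth["result"])
            s["user"], s["source"], s["method"] = auth["user"], auth["src"], auth["method"]
        elif pam and pam["phase"] == "account":
            s["pam_service"] = pam["service"]
            if pam["module"] not in s["pam_account_modules"]:
                s["pam_account_modules"].append(pam["module"])
        elif PAM_DENY.match(msg):
            s["denied"] = True

    results = {}
    for pid, s in sessions.items():
        if s["denied"]:
            verdict = "pam-account-denied"  # credentials fine, account stack said no
        elif "Accepted" in s["events"]:
            verdict = "accepted"
        elif "Failed" in s["events"]:
            verdict = "auth-failed"  # wrong key or password, PAM account not involved
        else:
            verdict = "incomplete"
        results[pid] = {
            "user": s["user"],
            "source": s["source"],
            "method": s["method"],
            "verdict": verdict,
            # "Postponed publickey": sshd accepted the key and awaits the signature
            "key_acceptable": s["method"] == "publickey" and "Postponed" in s["events"],
            "pam_account_modules": s["pam_account_modules"],
            # Per-service PAM stack whose "account" lines should be reviewed
            "inspect": f"/etc/pam.d/{s['pam_service']}" if s["pam_service"] else None,
        }
    return results


if __name__ == "__main__":
    for pid, summary in sorted(classify_sessions(SAMPLE_JOURNAL).items()):
        print(pid, summary)
```

For PID 2169 the result names pam_access in the account phase of the sshd service, which is the stack to review on the server rather than the key or the shell configuration.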

#14 2016-10-16 22:29:57

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

Finally got on my computer this morning. Time was not the issue it seems, although I did adjust my hardware clock since I found that it was around a minute and a half out of sync.

Leonid.I wrote:

Hmm, quite puzzling. I can not reproduce this issue in my setup, by connecting to an up-to-date VM from a host, last updated 10 days ago... These entries trouble me:

Oct 11 17:57:18 pig sshd[2169]: Postponed publickey for milo from 192.168.0.50 port 34214 ssh2 [preauth]
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): conversation failed
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): auth could not identify password for [milo]
Oct 11 17:57:24 pig sshd[2169]: Failed publickey for milo from 192.168.0.50 port 34214 ssh2: RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
Oct 11 17:57:24 pig sshd[2169]: fatal: Access denied for user milo by PAM account configuration [preauth]

Although the client says that publickey auth succeeded. So, my suggestion would be
1. Use default /etc/ssh/sshd_config server-side, and default /etc/ssh/ssh_config and empty ~/.ssh/config on the client;
2. Do not run systemd socket activated sshd, but the plain sshd.service;
3. Disable/stop sshd.service and sshd.socket, and run "sshd -ddd" in a screen/tmux (to capture messages to stdout) instance on the server...

1. Ensured this. I don't have any wacky options enabled like some blocks only for certain clients/hosts/etc.
2. Done.
3. I ran

sudo /usr/bin/sshd -ddd

and what follows is the output:

debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 341
debug2: parse_server_config: config /etc/ssh/sshd_config len 341
debug3: /etc/ssh/sshd_config:54 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:76 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:102 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:104 setting X11UseLocalhost no
debug3: /etc/ssh/sshd_config:106 setting PermitRootLogin no
debug3: /etc/ssh/sshd_config:107 setting PrintMotd no 
debug3: /etc/ssh/sshd_config:108 setting LogLevel VERBOSE
debug3: /etc/ssh/sshd_config:129 setting Subsystem sftp	/usr/lib/ssh/sftp-server
debug1: sshd version OpenSSH_7.3, OpenSSL 1.0.2j  26 Sep 2016
debug1: private host key #0: ssh-rsa SHA256:5Wye8IazPo/fsXkcPYXjyV0dtKnvUUzub2Tw50yrQQw
debug1: private host key #1: ssh-dss SHA256:PAQW+tE0AD3San9XqxeL9RjtTfjC9b/QnJvsrLIbZJ4
debug1: private host key #2: ecdsa-sha2-nistp256 SHA256:U0xYzdoEcDPQfGdD/MU809JO2JH38VveiPm/PYrah2A
debug1: private host key #3: ssh-ed25519 SHA256:zsU82D81sJefZ6QF9m//qqcTOS8Wzl9ZnegJAAeaf7Y
debug1: rexec_argv[0]='/usr/bin/sshd'
debug1: rexec_argv[1]='-ddd'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug3: fd 5 is not O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 8 config len 341
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 192.168.0.50 port 41250 on 192.168.0.51 port 22
debug1: Client protocol version 2.0; client software version OpenSSH_7.3
debug1: match: OpenSSH_7.3 pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing seccomp filter sandbox
debug2: Network child is on pid 1226
debug3: preauth child monitor started
debug3: privsep user:group 99:99 [preauth]
debug1: permanently_set_uid: 99/99 [preauth]
debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth]
debug3: ssh_sandbox_child: attaching seccomp filter program [preauth]
debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com [preauth]
debug2: compression stoc: none,zlib@openssh.com [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c [preauth]
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa [preauth]
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc [preauth]
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc [preauth]
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,zlib@openssh.com,zlib [preauth]
debug2: compression stoc: none,zlib@openssh.com,zlib [preauth]
debug2: languages ctos:  [preauth]
debug2: languages stoc:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug1: kex: algorithm: curve25519-sha256@libssh.org [preauth]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256 [preauth]
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug3: receive packet: type 30 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: hostkey proof signature 0x5588ecb5e620(100)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
debug3: mm_request_receive_expect entering: type 7 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: send packet: type 31 [preauth]
debug3: send packet: type 21 [preauth]
debug2: set_newkeys: mode 1 [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug3: send packet: type 7 [preauth]
debug3: receive packet: type 21 [preauth]
debug2: set_newkeys: mode 0 [preauth]
debug1: rekey after 134217728 blocks [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug3: receive packet: type 5 [preauth]
debug3: send packet: type 6 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user milo service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug3: mm_getpwnamallow entering [preauth]
debug3: mm_request_send entering: type 8 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 8
debug3: mm_answer_pwnamallow
debug2: parse_server_config: config reprocess config len 341
debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
debug3: mm_request_send entering: type 9
debug2: monitor_read: 8 used once, disabling now
debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
debug3: mm_request_receive_expect entering: type 9 [preauth]
debug3: mm_request_receive entering [preauth]
debug2: input_userauth_request: setting up authctxt for milo [preauth]
debug3: mm_start_pam entering [preauth]
debug3: mm_request_send entering: type 100 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 100
debug1: PAM: initializing for "milo"
debug1: PAM: setting PAM_RHOST to "192.168.0.50"
debug1: PAM: setting PAM_TTY to "ssh"
debug2: monitor_read: 100 used once, disabling now
debug3: mm_inform_authserv entering [preauth]
debug3: mm_request_send entering: type 4 [preauth]
debug2: input_userauth_request: try method none [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
debug3: send packet: type 51 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user milo service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug1: userauth_pubkey: test whether pkalg/pkblob are acceptable for RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 4
debug3: mm_answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x5588ecb695b0
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file /home/milo/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /home/milo/.ssh/authorized_keys, line 1 RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x5588ecb695b0 is allowed
debug3: mm_request_send entering: type 23
debug3: send packet: type 60 [preauth]
debug2: userauth_pubkey: authenticated 0 pkalg rsa-sha2-512 [preauth]
Postponed publickey for milo from 192.168.0.50 port 41250 ssh2 [preauth]
debug3: receive packet: type 50 [preauth]
debug1: userauth-request for user milo service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug2: input_userauth_request: try method publickey [preauth]
debug3: userauth_pubkey: have signature for RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg [preauth]
debug3: mm_key_allowed entering [preauth]
debug3: mm_request_send entering: type 22 [preauth]
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
debug3: mm_request_receive_expect entering: type 23 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 22
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x5588ecb69b80
debug1: temporarily_use_uid: 1000/100 (e=0/0)
debug1: trying public key file /home/milo/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /home/milo/.ssh/authorized_keys, line 1 RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
debug1: restore_uid: 0/0
debug3: mm_answer_keyallowed: key 0x5588ecb69b80 is allowed
debug3: mm_request_send entering: type 23
debug3: mm_key_verify entering [preauth]
debug3: mm_request_send entering: type 24 [preauth]
debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth]
debug3: mm_request_receive_expect entering: type 25 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 24
debug3: mm_answer_keyverify: key 0x5588ecb6a1d0 signature verified
debug3: mm_request_send entering: type 25
debug3: mm_request_receive_expect entering: type 102
debug3: mm_request_receive entering
debug1: do_pam_account: called
debug3: PAM: sshpam_store_conv called with 1 messages
debug3: PAM: do_pam_account pam_acct_mgmt = 20 (Authentication token manipulation error)
debug3: mm_request_send entering: type 103
Failed publickey for milo from 192.168.0.50 port 41250 ssh2: RSA SHA256:5uPoK6WTcZwo/6QJaBWMDhzWbk/xgnKG31+SGWpFhOg
debug2: userauth_pubkey: authenticated 1 pkalg rsa-sha2-512 [preauth]
debug3: mm_do_pam_account entering [preauth]
debug3: mm_request_send entering: type 102 [preauth]
debug3: mm_request_receive_expect entering: type 103 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_do_pam_account returning 0 [preauth]
Access denied for user milo by PAM account configuration [preauth]
debug1: do_cleanup [preauth]
debug3: PAM: sshpam_thread_cleanup entering [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 1226

It looks like, near the bottom, there are some PAM failures. I am not sure exactly what they mean since I have not Googled around yet, but I will take a peek. Also, if it wasn't clear from the last line, the server actually exited once my ssh command returned "Connection closed." I am not sure if it's a crash or if that's actually the way it's supposed to work.

Thanks again for the help.

Offline

#15 2016-10-17 01:19:31

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Cannot SSH in with what looks like a PAM failure

So, does it work with a password? I assume you can login to the account from console... I don't understand why it says Failed public key...

EDIT: And yes, sshd is supposed to exit when the connection is closed. It would also exit if you login successfully and typed 'exit'. See man sshd (search for '-d').

Last edited by Leonid.I (2016-10-17 01:22:17)


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#16 2016-10-17 02:52:27

alanchen
Member
Registered: 2016-10-13
Posts: 4

Re: Cannot SSH in with what looks like a PAM failure

Leonid.I wrote:

So, does it work with a password? I assume you can login to the account from console... I don't understand why it says Failed public key...

EDIT: And yes, sshd is supposed to exit when the connection is closed. It would also exit if you login successfully and typed 'exit'. See man sshd (search for '-d').

No, password doesn't work in my case. Indeed I can login from console, but weirdly I must enter the password twice. I suspect that there must be some link between these two problems, the ssh auth problem and the problem of the password being requested twice in the console. I searched for the latter problem; it seems that it is a configuration problem occurring in /etc/pam.d/. However, resetting the configuration in this directory does not work.

Last edited by alanchen (2016-10-17 06:24:53)

Offline

#17 2016-10-18 00:50:31

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

Leonid.I wrote:

So, does it work with a password? I assume you can login to the account from console... I don't understand why it says Failed public key...

It says Failed Public Key because I have been using a key with a passphrase (like in my first post). I did attempt with a username and password, but that gave the same results.

I can log in via the console, but like I said in my first post it asks for my password twice.

Offline

#18 2016-10-18 01:03:27

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Cannot SSH in with what looks like a PAM failure

Even assuming that these two issues are related, we will need to see some auth.log. If you suspect that smth happened to files in /etc/pam.d, run this to see which ones were modified...

for p in $(find /etc/pam.d -type f -exec pacman -Qo '{}' \; | awk '{print $5}' | sort -u); do pacman -Qii $p | grep -P '^MODIFIED\t/etc/pam\.d'; done

Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#19 2016-10-18 01:20:18

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Cannot SSH in with what looks like a PAM failure

milogert wrote:
Leonid.I wrote:

So, does it work with a password? I assume you can login to the account from console... I don't understand why it says Failed public key...

It says Failed Public Key because I have been using a key with a passphrase (like in my first post). I did attempt with a username and password, but that gave the same results.

I can log in via the console, but like I said in my first post it asks for my password twice.

The same PAM error?

If you are asked to enter passwd twice, there is smth wrong in /etc/pam.d... Check which files are modified from their default state...


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#20 2016-10-18 01:20:58

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

Leonid.I wrote:

Even assuming that these two issues are related, we will need to see some auth.log. If you suspect that smth happened to files in /etc/pam.d, run this to see which ones were modified...

for p in $(find /etc/pam.d -type f -exec pacman -Qo '{}' \; | awk '{print $5}' | sort -u); do pacman -Qii $p | grep -P '^MODIFIED\t/etc/pam\.d'; done

Running that command gives no output, so, from what I can gather, there are no modified files there?

Offline

#21 2016-10-18 05:20:26

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Cannot SSH in with what looks like a PAM failure

Right. So can you guys modify /etc/pam.d/system-auth and add "debug" to the list of pam_unix.so arguments in the "auth"-type entries? Because I'm running out of ideas here :P


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#22 2016-10-18 11:23:15

alanchen
Member
Registered: 2016-10-13
Posts: 4

Re: Cannot SSH in with what looks like a PAM failure

P.S. Can anyone with the same problem start their mysql server?
Suddenly I cannot start my mysql server; even the client "mysql -V" does not work, with no output, and the prompt hangs until I press ctrl-C.
Weird enough.

Offline

#23 2016-10-18 23:57:25

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

Leonid.I wrote:

Right. So can you guys modify /etc/pam.d/system-auth and add "debug" to the list of pam_unix.so arguments in the "auth"-type entries? Because I'm running out of ideas here :P

I can do that. Is there a good way to pull just the pam junk with journalctl? Or, is there a specific place pam logs debug information?

Offline

#24 2016-10-19 05:50:03

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Cannot SSH in with what looks like a PAM failure

I don't know. I'd just enable debug, then try to login from console and over ssh, and inspect the logs (just plain journalctl). Alternatively, run journalctl -f (-f for follow) in a tty/screen and also try to authenticate. The problem is that I don't know what kind of messages PAM will spew out...


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline
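
One way to pull only the PAM messages out of the journal and see which service and stage (auth or account) they come from, as asked above. This is an added example, not part of any post in this thread; the function names are made up here, the sshd sample lines follow the format of the journal posted earlier, and the login line is constructed.

```bash
#!/usr/bin/env bash
# Sample journal lines. The sshd entries use the format of the journal
# posted in this thread; the login entry is constructed for illustration.
sample_journal() {
cat <<'EOF'
Oct 11 17:56:28 pig sonarr[509]: [Info] RssSyncService: Starting RSS Sync
Oct 11 17:57:18 pig sshd[2169]: Postponed publickey for milo from 192.168.0.50 port 34214 ssh2 [preauth]
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): conversation failed
Oct 11 17:57:24 pig sshd[2169]: pam_access(sshd:account): auth could not identify password for [milo]
Oct 11 17:57:24 pig sshd[2169]: fatal: Access denied for user milo by PAM account configuration [preauth]
Oct 11 18:02:10 pig login[812]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=milo
EOF
}

# Keep lines logged by a PAM module ("pam_access(sshd:account): ...") and
# lines where the calling program itself mentions PAM ("... by PAM account ...").
pam_lines() {
  grep -E '\]: (pam_[a-z0-9_]+\(|.*PAM[ :])'
}

# Summarise module messages as "module service stage count", so it is clear
# whether a login is rejected in the auth stage or in the account stage.
pam_summary() {
  sed -nE 's/.*\]: (pam_[a-z0-9_]+)\(([^:)]+):([^)]+)\):.*/\1 \2 \3/p' \
    | sort | uniq -c | awk '{print $2, $3, $4, $1}'
}

# Demo on the embedded sample. On the affected machine, feed the real
# journal instead, e.g.:  journalctl -b | pam_lines
sample_journal | pam_summary
```

On the sample, the summary shows pam_access failing in the sshd account stage, which is the stage sshd reports when it says "Access denied ... by PAM account configuration".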

#25 2016-10-24 14:04:59

milogert
Member
Registered: 2016-02-10
Posts: 12

Re: Cannot SSH in with what looks like a PAM failure

Hey, sorry for such a delay in responding.

I tried enabling debugging in system-auth (I believe that was the one) and it didn't really provide much more information.

On a potentially related note though, I followed the journal while logging in to the console (which asks for auth twice).

If I failed on the first prompt I got a login:auth pam failure. If I failed on the second try I got a login:account failure. So that might be something?

I can post logs later tonight when I have access to the machine.

Offline
