“Connection closed by [HOST IP]” using dsa key authentication

前端 未结 6 1836
难免孤独
难免孤独 2021-02-20 15:07

I have a shared /home setup using Perceus Cluster Software (http://perceus.org) for our Cluster. Nodes are using CentOS 6.1 x86_64. /home is shared from the head to the nodes b

相关标签:
6条回答
  • 2021-02-20 15:46

    The correct solutions is to fix the problem, not disable the pam usage, as you might be hiding a security problem.

    ssh is failing because PAM is denying the user login by failing some check. Verify the /etc/pam.d/sshd for what rules you have and what might be failing.

    most common problem is a user without password (compare the /etc/passwd with /etc/shadow, or check your /etc/nsswitch and /etc/pam.d/* to see where the users and auth is coming from), but also no home directory, missing some extra auth configuration, UID too low or too high, etc.

    If its the missing password, at least make sure you this in the /etc/ssh/sshd_config

    PermitEmptyPasswords no
    

    This blocks ssh to allow login on users without password (but does nothing to other protocols, like telnet, ftp, http and login).

    0 讨论(0)
  • 2021-02-20 15:47

    SOLUTION:

    Following the advice below I checked /var/log/security on the node (host). It showed:

    fatal: Access denied for user user by PAM account configuration
    

    I then edited /etc/ssh/sshd_config changing:

    UsePAM yes
    

    to

    UsePAM no
    

    Restarted the node and I can now perform password-less logins.

    Thanks!

    0 讨论(0)
  • 2021-02-20 15:51

    It is not good to use a passwordless authorization. Is selinux turned on those servers? If yes, then you have either to turn off selinux, or restore default selinux policies by "restorecon -R -v /home/user/. This is a known issue

    0 讨论(0)
  • 2021-02-20 16:04

    In my case, I haven not created the user using useradd, instead i have added the user in /etc/passwd file and created the home directory for the user with all required files.

    After using useradd to create the user and adding the pub key to the authorized_keys file after creating .ssh directory in the home directory of the user, the issue got resolved.

    By the way I am using centos 7

    Hope this helps some one.

    0 讨论(0)
  • 2021-02-20 16:12

    I had a very similar problem to yours.

    It turns out my problem, and possibly yours, was caused because my home directory was a NFS mount, and selinux (on CentOS 7) was throwing up some errors (which were quite hard to track down). The fix was simple though.

    setsebool -P use_nfs_home_dirs 1
    
    0 讨论(0)
  • 2021-02-20 16:12

    For me, I had corrupt pam.d files. I copied in a new set from a similar server and all was well again. I didn't take the time to look for the specific corruption, but thought I would add my 2 bits in case anyone reads this in the future and needs some more ideas.

    0 讨论(0)
提交回复
热议问题