[Eisfair] Kein SSH Login sei?==?utf-8?Q?t Update möglich
Herbi
herbi333 at gmx.net
So Jan 17 20:12:03 CET 2016
Stand: Base: 2.6.6., eiskernel 2.16.0 (3.2.71)
Putty Version 0.66, Standardeinstellungen belassen.
Habe Probleme mit SSH Login, nach Hochrüsten eines älteren eisfair
Versionsstandes funktioniert der SSH-Login nicht mehr, Konfiguration ist
aktiviert und mit den Standardeinstellungen belassen,
Konfigurationsdateien werden ordnungsgemäß erstellt. SSH läuft.
Ich komme bis zum Login, nach Passworteingabe dann „Access denied",
verschiedene User probiert, immer wieder das Gleiche.
Hier ein Auszug aus dem SSH-Log mit User „eis":
Jan 17 19:09:16 eis sshd[17351]: Server listening on 0.0.0.0 port 22.
Jan 17 19:09:16 eis sshd[17351]: Server listening on :: port 22.
Jan 17 19:09:56 eis sshd[17575]: Address 192.168.178.21 maps to
localhost, but this does not map back to the address - POSSIBLE BREAK-IN
ATTEMPT!
Jan 17 19:09:56 eis sshd[17582]: pam_warn(sshd:auth):
function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[eis]
ruser=[<unknown>] rhost=[192.168.178.21]
Jan 17 19:09:56 eis sshd[17575]: error: PAM: Authentication failure for
eis from 192.168.178.21
Jan 17 19:09:59 eis sshd[17575]: pam_warn(sshd:auth):
function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[eis]
ruser=[<unknown>] rhost=[192.168.178.21]
Jan 17 19:09:59 eis sshd[17575]: Failed password for eis from
192.168.178.21 port 49424 ssh2
Jan 17 19:14:57 eis sshd[17351]: Received signal 15; terminating.
Und das hier aus dem Putty-Log:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2016.01.17 19:14:07
=~=~=~=~=~=~=~=~=~=~=~=
login as: eis
eis at 192.168.178.45's password:
Access denied
eis at 192.168.178.45's password:
Und hier noch die SSH Config:
#-----------------------------------------------------------------------
-------
# /etc/config.d/ssh - configuration file for ssh
#
# Creation : 2012-09-15 hbfl
# Last Update: 2016-01-03 root
#
# Copyright (c) 2001-2016 the eisfair team, team(at)eisfair(dot)org
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#-----------------------------------------------------------------------
-------
#-----------------------------------------------------------------------
-------
# SSH - secure shell (general settings)
#-----------------------------------------------------------------------
-------
START_SSH='yes'
# start ssh 'yes' or 'no'
SSH_DAEMON_MAN_CONFIG='no'
# SSH DAEMON manual configuration
'yes' or
# 'no'. If set to 'yes'
# file /etc/ssh/sshd_config will
# not be generated automatically. It
is your
# responsibility to create a valid
configuration
# file /etc/ssh/sshd_config.
SSH_DAEMON_START_METHOD='st'
# Start method for sshd.
# 'st' start sshd as standalone
server.
# 'xi' start sshd via xinetd.
# 'xi' requires START_XINETD='yes'.
SSH_PORT='22'
# ssh port, see also
FIREWALL_DENY_PORT_x
#-----------------------------------------------------------------------
-------
# SSH - secure shell (protocol settings)
#-----------------------------------------------------------------------
-------
SSH_SERVER_CIPHERS='default'
# allowed ciphers
SSH_SERVER_KEXS='default'
# allowed (Key Exchange) algorithms
SSH_SERVER_MACS='default'
# allowed MAC (message authentication
# code) algorithms
#-----------------------------------------------------------------------
-------
# SSH - secure shell (listen address settings)
#-----------------------------------------------------------------------
-------
SSH_LISTEN_ADDR_N='0'
# Number of addresses sshd should
listen to
# 0 - listen on all local addresses
SSH_LISTEN_ADDR_1_NAME=''
# Use a name, its only for you
SSH_LISTEN_ADDR_1_ACTIVE='no'
# Use: yes or no
SSH_LISTEN_ADDR_1='2'
# First ip address, sshd should listen
to
# use n'th ethernet card configured
in
# /etc/config.d/base.
# E.g. SSH_LISTEN_ADDR_1='2' points
to
# IP_ETH_2_IPADDR in
/etc/config.d/base.
#-----------------------------------------------------------------------
-------
# SSH - secure shell (allow/deny settings)
#
#
# Please use this settings with care.
# All four lists are checked when a login is
# done. So wrong settings could exclude an
# important user (e.g. root or eis) from login.
#-----------------------------------------------------------------------
-------
SSH_ALLOW_USER_N='0'
# Number of user name patterns.
# Login is allowed only for user
names
# that match one of the pattern. '*'
and
# '?' can be used as wildcards in the
# patterns.
# Default: 0 - login is allowed for
all users.
SSH_ALLOW_USER_1_NAME=''
# Use a name, its only for you
SSH_ALLOW_USER_1_ACTIVE='no'
# Use: yes or no
SSH_ALLOW_USER_1='root'
# First user name pattern.
SSH_DENY_USER_N='0'
# Number of user name patterns.
# Login is disallowed only for user
names
# that match one of the pattern. '*'
and
# '?' can be used as wildcards in the
# patterns.
# Default: 0 - login is allowed for
all users.
SSH_DENY_USER_1_NAME=''
# Use a name, its only for you
SSH_DENY_USER_1_ACTIVE='no'
# Use: yes or no
SSH_DENY_USER_1='batch'
# First user name pattern.
SSH_ALLOW_GROUP_N='0'
# Number of group name patterns.
# Login is allowed only for users
whose
# primary group or supplementary
group
# matches one of the pattern. '*' and
'?' can
# be used as wildcards in the
patterns.
# Default: 0 - login is allowed for
all groups.
SSH_ALLOW_GROUP_1_NAME=''
# Use a name, its only for you
SSH_ALLOW_GROUP_1_ACTIVE='no'
# Use: yes or no
SSH_ALLOW_GROUP_1='root'
# First group name pattern.
SSH_DENY_GROUP_N='0'
# Number of group name patterns.
# Login is disallowed only for users
whose
# primary group or supplementary
group
# matches one of the pattern. '*' and
'?' can
# be used as wildcards in the
patterns.
# Default: 0 - login is allowed for
all groups.
SSH_DENY_GROUP_1_NAME=''
# Use a name, its only for you
SSH_DENY_GROUP_1_ACTIVE='no'
# Use: yes or no
SSH_DENY_GROUP_1='batch'
# First group name pattern.
SSH_PERMITROOTLOGIN='yes'
# Secifies whether root can login
using ssh.
# 'yes' User root can login.
# 'no' User root can't login.
# 'without-password' Password
authentication
# for user root is disabled. Note that
other
# authentications (e.g.
keyboard-interactive/
# PAM) may still allow root to login
using a
# password.
# 'forced-commands-only' root login
with
# public key authentication will be
allowed,
# but only if the command option has
been
# specified.
#-----------------------------------------------------------------------
-------
# SSH - secure shell (public key settings for user root)
#-----------------------------------------------------------------------
-------
SSH_PUBLIC_KEY_N='0'
# number of public keys or keyfile to
add
# to /root/.ssh/authorized_keys
SSH_PUBLIC_KEY_1_NAME=''
# Use a name, its only for you
SSH_PUBLIC_KEY_1_ACTIVE='no'
# Use: yes or no
SSH_PUBLIC_KEY_1=''
# public key (identity.pub) generated
# by ssh-keygen
# If the first character is a slash
(/)
# the value is interpreted as an
absolut
# pathname of a file. The content of
this
# file is added to the file
# /root/.ssh/authorized_keys
#-----------------------------------------------------------------------
-------
# SSH - secure shell (additional settings)
#-----------------------------------------------------------------------
-------
SSH_MAX_STARTUPS='10'
# maximum number of concurrent
unauthenticated
# connections. default: 10
SSH_ENABLE_PRIV_SEPARATION='no'
# enable privilege separation: 'yes'
or 'no'
SSH_COMPRESSION='yes'
# allow compression: 'yes' or 'no'
SSH_STRICTMODES='yes'
# Use Strictmodes: 'yes' or 'no'
SSH_PASSWDAUTH='yes'
# Allow password authentication 'yes'
# or 'no'. If password authentication
# is not allowed you have to use key
# authentication. Check that key
# authentication works fine before
you
# set SSH_PASSWDAUTH to 'no'.
SSH_CH_RESPONSEAUTH='yes'
# Allow challenge response
authentication
# 'yes' or 'no'.
SSH_CLIENTALIVEINTERVAL='0'
# Timeout interval in seconds for
# client alive message.
# Default: 0 - no message
SSH_CLIENTALIVECOUNTMAX='3'
# Number of client alive messages
# until disconnection.
# Default: 3
#-----------------------------------------------------------------------
-------
# SSH - secure shell (subsystem settings)
#-----------------------------------------------------------------------
-------
SSH_ENABLE_SFTP='yes'
# activate sftp: 'yes' or 'no'
#-----------------------------------------------------------------------
-------
# SSH - secure shell (log level settings)
#-----------------------------------------------------------------------
-------
SSH_LOGLEVEL='INFO'
# Verbosity level that is used when
# logging messages from sshd.
# Values QUIET FATAL ERROR INFO
VERBOSE
# DEBUG DEBUG1 DEBUG2 DEBUG3 are
allowed.
# Default: INFO
# Logging with a DEBUG level violates
# the privacy of users and is not
# recommended.
SSH_USE_BTMP_LOGFILE='no'
# Use logfile /var/log/btmp 'yes' or
'no'.
# 'yes': Bad login attempts are
recorded in
# '/var/log/btmp'. File will be
created if missing.
# 'no': No recording of bad login
attempts in
# '/var/log/btmp'. File will be
deleted if existing.
# default: no
#-----------------------------------------------------------------------
-------
# End
#-----------------------------------------------------------------------
-------
Hat jemand eine Idee, komme irgendwie nicht weiter.
Besten Dank und Gruß, Herbi
Mehr Informationen über die Mailingliste Eisfair