"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance
Istvan Viczian
vici at dof.se
Tue Jan 20 09:41:43 EST 2004
Hi,
I setup two sshd instance (using OpenSSH_3.5p1 bins on redhat7.2 kernel
2.4.20-19.7smp ) in order to achieve differnet sshd settings (e.g use
different auth.method) on two different network interfaces (both on port
22).
For example to setup Hostbased authetication on the 1st sshd
and RSA pub. key auth. on the second:
The 1st instance config file /etc/ssh/sshd_config looks like:
Protocol 2
ListenAddress 10.0.0.1
PidFile /var/run/sshd.pid
SyslogFacility DAEMON
LogLevel DEBUG3
IgnoreRhosts yes
HostbasedAuthentication yes
PubkeyAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
The 2nd instance config file: /etc/ssh2/sshd_config
almost the same with the necesary differences:
Protocol 2
ListenAddress 10.0.0.2
PidFile /var/run/sshd2.pid
SyslogFacility DAEMON
LogLevel DEBUG3
IgnoreRhosts yes
HostbasedAuthentication yes
PubkeyAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
( the second instance started with : sshd -f /etc/ssh2/sshd_config
without any problem)
When I started the two daemon, the first instance
( which uses the default /etc/ssh conf. dir.)
always worked properly (login from host 10.0.0.11 as user2)
independently form the used auth. method
, but the second daemon always failed after the successfull
authentication with
"PAM rejected by account configuration[]: User account has expired"
and
"fatal: monitor_read: unsupported request: 24"
error messages (see detailed logs below ).
I also tried to run only the second instance, and the same problem
appeared! So it seems for me that the problem is reduced to using non
default sshd config file!
sshd2 LOG in case of RSA pub. key was set on it:
#Jan 19 23:31:11 mach sshd2[2918]: debug1: trying public key file
/home/user2/.ssh/authorized_keys
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: checking
'/home/user2/.ssh'
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: checking
'/home/user2'
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: terminating
check at '/home/user2'
#Jan 19 23:31:11 mach sshd2[2918]: debug1: matching key found: file
/home/user2/.ssh/authorized_keys, line 1
#Jan 19 23:31:11 mach sshd2[2918]: Found matching RSA key:
fe:45:ce:60:fd:5c:a2:79:db:86:65:15:ad:d2:b2:e4
#Jan 19 23:31:11 mach sshd2[2918]: debug1: restore_uid: 0/0
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_answer_keyallowed: key
0x80a5928 is allowed
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_send entering: type 21
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_receive entering
#Jan 19 23:31:11 mach sshd2[2918]: debug3: monitor_read: checking request 22
#Jan 19 23:31:11 mach sshd2[2918]: debug1: ssh_rsa_verify: signature correct
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_answer_keyverify: key
0x80a5b40 signature verified
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_send entering: type 23
#Jan 19 23:31:11 mach sshd2[2918]: debug2: pam_acct_mgmt() = 13
#Jan 19 23:31:11 mach sshd2[2918]: PAM rejected by account
configuration[13]: User account has expired
#Jan 19 23:31:11 mach sshd2[2918]: Failed publickey for user2 from
10.0.0.11 port 16760 ssh2
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_receive entering
#Jan 19 23:31:11 mach sshd2[2918]: debug3: monitor_read: checking request 24
#Jan 19 23:31:11 mach sshd2[2918]: fatal: monitor_read: unsupported
request: 24
#Jan 19 23:31:11 mach sshd2[2918]: debug1: Calling cleanup 0x8054370(0x0)
sshd2 LOG in case of Hostbased Auth. was set on it:
#Jan 19 21:11:22 mach sshd2[21184]: debug2: userauth_hostbased: access
allowed by auth_rhosts2
#Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile:
#filename /etc/ssh/ssh_known_hosts
#Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile:
match line 6
#Jan 19 21:11:22 mach sshd2[21184]: debug2: check_key_in_hostfiles: key
ok for test1.fas.utv.skanova.net
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_answer_keyallowed: key
0x80a60a8 is allowed
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_append_debug: Appending
debug messages for child
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_send entering:
type 21
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_receive entering
#Jan 19 21:11:22 mach sshd2[21184]: debug3: monitor_read: checking
request 22
#Jan 19 21:11:22 mach sshd2[21184]: debug1: ssh_rsa_verify: signature
correct
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_answer_keyverify: key
0x80a62f8 signature verified
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_send entering:
type 23
#Jan 19 21:11:22 mach sshd2[21184]: debug2: pam_acct_mgmt() = 13
#Jan 19 21:11:22 mach sshd2[21184]: PAM rejected by account
configuration[13]: User account has expired
#Jan 19 21:11:22 mach sshd2[21184]: Failed hostbased for user2 from
10.0.0.11 port 16708 ssh2
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_receive entering
#Jan 19 21:11:22 mach sshd2[21184]: debug3: monitor_read: checking
request 24
#Jan 19 21:11:22 mach sshd2[21184]: fatal: monitor_read: unsupported
request: 24
#Jan 19 21:11:22 mach sshd2[21184]: debug1: Calling cleanup 0x8054370(0x0)
Any ideas what can be the problem?
Regards,
Istvan
More information about the openssh-unix-dev
mailing list