"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

Istvan Viczian vici at dof.se
Tue Jan 20 09:41:43 EST 2004 

Hi,

I setup two sshd instance (using OpenSSH_3.5p1 bins on redhat7.2  kernel 
2.4.20-19.7smp ) in order to achieve differnet sshd settings (e.g use 
different auth.method) on two different network interfaces (both on port 
22).

For example to setup Hostbased authetication on the 1st sshd
and RSA pub. key auth. on the second:

The 1st instance config file /etc/ssh/sshd_config looks like:

  Protocol 2
  ListenAddress 10.0.0.1
  PidFile /var/run/sshd.pid
  SyslogFacility DAEMON
  LogLevel DEBUG3
  IgnoreRhosts yes
  HostbasedAuthentication yes
  PubkeyAuthentication no
  PasswordAuthentication no
  PermitEmptyPasswords no

The 2nd instance config file: /etc/ssh2/sshd_config
almost the same with the necesary differences:

  Protocol 2
  ListenAddress 10.0.0.2
  PidFile /var/run/sshd2.pid
  SyslogFacility DAEMON
  LogLevel DEBUG3
  IgnoreRhosts yes
  HostbasedAuthentication yes
  PubkeyAuthentication no
  PasswordAuthentication no
  PermitEmptyPasswords no

( the second instance started with : sshd -f /etc/ssh2/sshd_config 
without any problem)

When I started the two daemon, the first instance
( which uses the default /etc/ssh conf. dir.)
always worked properly (login from host 10.0.0.11 as user2)
independently form the used auth. method
, but the second daemon always failed after the successfull 
authentication with

   "PAM rejected by account configuration[]: User account has expired"
   and
   "fatal: monitor_read: unsupported request: 24"

error messages (see detailed logs below ).

I also tried to run only the second instance, and the same problem
appeared! So it seems for me that the problem is reduced to using non 
default sshd config file!


sshd2 LOG in case of RSA pub. key was set on it:

#Jan 19 23:31:11 mach sshd2[2918]: debug1: trying public key file 
/home/user2/.ssh/authorized_keys
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: checking 
'/home/user2/.ssh'
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: checking 
'/home/user2'
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: terminating 
check at '/home/user2'
#Jan 19 23:31:11 mach sshd2[2918]: debug1: matching key found: file 
/home/user2/.ssh/authorized_keys, line 1
#Jan 19 23:31:11 mach sshd2[2918]: Found matching RSA key: 
fe:45:ce:60:fd:5c:a2:79:db:86:65:15:ad:d2:b2:e4
#Jan 19 23:31:11 mach sshd2[2918]: debug1: restore_uid: 0/0
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_answer_keyallowed: key 
0x80a5928 is allowed
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_send entering: type 21
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_receive entering
#Jan 19 23:31:11 mach sshd2[2918]: debug3: monitor_read: checking request 22
#Jan 19 23:31:11 mach sshd2[2918]: debug1: ssh_rsa_verify: signature correct
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_answer_keyverify: key 
0x80a5b40 signature verified
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_send entering: type 23
#Jan 19 23:31:11 mach sshd2[2918]: debug2: pam_acct_mgmt() = 13
#Jan 19 23:31:11 mach sshd2[2918]: PAM rejected by account 
configuration[13]: User account has expired
#Jan 19 23:31:11 mach sshd2[2918]: Failed publickey for user2 from 
10.0.0.11 port 16760 ssh2
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_receive entering
#Jan 19 23:31:11 mach sshd2[2918]: debug3: monitor_read: checking request 24
#Jan 19 23:31:11 mach sshd2[2918]: fatal: monitor_read: unsupported 
request: 24
#Jan 19 23:31:11 mach sshd2[2918]: debug1: Calling cleanup 0x8054370(0x0)


sshd2 LOG in case of Hostbased Auth. was set on it:

#Jan 19 21:11:22 mach sshd2[21184]: debug2: userauth_hostbased: access 
allowed by auth_rhosts2
#Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile: 
#filename /etc/ssh/ssh_known_hosts
#Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile: 
match line 6
#Jan 19 21:11:22 mach sshd2[21184]: debug2: check_key_in_hostfiles: key 
ok for test1.fas.utv.skanova.net
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_answer_keyallowed: key 
0x80a60a8 is allowed
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_append_debug: Appending 
debug messages for child
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_send entering: 
type 21
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_receive entering
#Jan 19 21:11:22 mach sshd2[21184]: debug3: monitor_read: checking 
request 22
#Jan 19 21:11:22 mach sshd2[21184]: debug1: ssh_rsa_verify: signature 
correct
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_answer_keyverify: key 
0x80a62f8 signature verified
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_send entering: 
type 23
#Jan 19 21:11:22 mach sshd2[21184]: debug2: pam_acct_mgmt() = 13
#Jan 19 21:11:22 mach sshd2[21184]: PAM rejected by account 
configuration[13]: User account has expired
#Jan 19 21:11:22 mach sshd2[21184]: Failed hostbased for user2 from 
10.0.0.11 port 16708 ssh2
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_receive entering
#Jan 19 21:11:22 mach sshd2[21184]: debug3: monitor_read: checking 
request 24
#Jan 19 21:11:22 mach sshd2[21184]: fatal: monitor_read: unsupported 
request: 24
#Jan 19 21:11:22 mach sshd2[21184]: debug1: Calling cleanup 0x8054370(0x0)



Any ideas what can be the problem?
Regards,
Istvan

More information about the openssh-unix-dev mailing list