root can login to console but not via ssh

Damien Miller djm at mindrot.org
Wed Jul 18 08:22:10 AEST 2018



On Tue, 17 Jul 2018, Rob Marshall wrote:

> Hi,
> 
> I built OpenSSH 7.7p1-1 to try to include some security fixes for an old OS
> version (SLES 10). We use a special PAM module for root to allow us to
> provide auto-expiring passwords. There is, however, one root password that
> should always work. root can login just fine on the console, which I assume
> means that the PAM module is working correctly because I can use both the
> always should work password and an auto-expiring password. And if I provide
> a valid key in authorized_keys I can login via ssh without a password
> without any problems.
> 
> I can also login as root just fine via ssh prior to installing the RPM I
> built for OpenSSH 7.7p1-1. However, once I install it, I can no longer ssh
> as root. I saved the file: /etc/pam.d/sshd from prior to the install and
> restore it after the RPM is installed since it overwrites it. I have a
> /etc/pam.d/common-auth that has:
> test10:/etc/pam.d # cat sshd

> #%PAM-1.0
> auth     include        common-auth
> auth     required       pam_nologin.so

I think pam_nologin.so should be in the "account" rather than "auth" stack.

I.e.

account	required	pam_nologin.so

-d


More information about the openssh-unix-dev mailing list