root can login to console but not via ssh
Damien Miller
djm at mindrot.org
Wed Jul 18 08:22:10 AEST 2018
On Tue, 17 Jul 2018, Rob Marshall wrote:
> Hi,
>
> I built OpenSSH 7.7p1-1 to try to include some security fixes for an old OS
> version (SLES 10). We use a special PAM module for root to allow us to
> provide auto-expiring passwords. There is, however, one root password that
> should always work. root can log in just fine on the console, which I assume
> means that the PAM module is working correctly because I can use both the
> always-should-work password and an auto-expiring password. And if I provide
> a valid key in authorized_keys I can log in via ssh without a password
> without any problems.
>
> I can also log in as root just fine via ssh prior to installing the RPM I
> built for OpenSSH 7.7p1-1. However, once I install it, I can no longer ssh
> as root. I saved the file: /etc/pam.d/sshd from prior to the install and
> restore it after the RPM is installed since it overwrites it. I have a
> /etc/pam.d/common-auth that has:
> test10:/etc/pam.d # cat sshd
> #%PAM-1.0
> auth include common-auth
> auth required pam_nologin.so
I think pam_nologin.so should be in the "account" rather than "auth" stack.
I.e.
account required pam_nologin.so
-d
More information about the openssh-unix-dev mailing list