0

I have just completed a clean install of Ubuntu Server 11.04 x86. During installation, I selected OpenSSH, LAMP, and Tomcat as installation packages. On every previous installation of Ubuntu I have done, I can then log in to the new box by SSH using the user/password created during installation. For some reason, I cannot do that with this installation. I can log in on the command line (keyboard/monitor) just fine; however, this box is going to be placed somewhere without a keyboard and monitor, so I need to get it over SSH. Any ideas?

EDIT

/etc/ssh/sshd_config

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

/var/log/auth.log

Jul 14 09:45:00 test sshd[544]: Received signal 15; terminating.
Jul 14 09:45:00 test sshd[601]: Server listening on 0.0.0.0 port 22.
Jul 14 09:45:00 test sshd[601]: Server listening on :: port 22.
Jul 14 09:48:51 test sshd[884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.9.100  user=nik
Jul 14 09:48:53 test sshd[884]: Failed password for nik from 10.10.9.100 port 50295 ssh2
Jul 14 09:49:06 test sshd[884]: last message repeated 2 times
Jul 14 09:49:06 test sshd[884]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.10.9.100  user=nik
Jul 14 09:49:25 test login[829]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=nik
Jul 14 09:49:28 test login[829]: FAILED LOGIN (1) on '/dev/tty1' FOR 'nik', Authentication failure
Jul 14 09:49:36 test login[829]: pam_unix(login:session): session opened for user nik by LOGIN(uid=0)
Jul 14 09:59:00 test sudo: pam_unix(sudo:auth): authentication failure; logname=nik uid=0 euid=0 tty=/dev/tty1 ruser=nik rhost=  user=nik
Jul 14 09:59:04 test sudo:      nik : TTY=tty1 ; PWD=/var/www ; USER=root ; COMMAND=/bin/cp /etc/ssh/sshd_config ./sshd_config
Jul 14 10:06:24 test sudo:      nik : TTY=tty1 ; PWD=/var/www ; USER=root ; COMMAND=/bin/cp /var/log/auth.log ./auth.log
Daniel B.
  • 725
  • 7
  • 16
Nik
  • 115
  • 1
  • 8
  • probably a silly question, but does nik's password have special characters that may be susceptible of being affected by different locale settings (the server's locale vs the remote client). Try to change nik's password to something simple just to test. – hmontoliu Jul 14 '11 at 14:28
  • The password is only alphanumeric. – Nik Jul 14 '11 at 14:29
  • 2
    Just to clarify: you're using the same user for the successful-console-login as you are for the failed-SSH-login? – nickgrim Jul 14 '11 at 14:44
  • Yes, I am using the same user. – Nik Jul 14 '11 at 15:23
  • Does anything show up in /var/log/auth.log or /var/log/messages? Firewall setup perhaps? – OldTroll Jul 14 '11 at 13:23
  • One line says there was an authentication failure, and the next line says a session was opened. The timestamps are the same. – Nik Jul 14 '11 at 13:52
  • Put `sshd` LogLevel on DEBUG and paste output. – Ency May 08 '13 at 23:16
  • @Nik: here are some hints for troubleshooting. This method never failed. – 0xC0000022L May 09 '13 at 03:58

2 Answers2

1

check if ssh server is running: 

netstat -tapn |grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      14146/sshd

if not try restarting the ssh server

sudo /etc/init.d/ssh restart

and check again.

if the ssh script in /etc/init.d/ is missing the ssh server is not installed correctly.

Goez
  • 1,838
  • 1
  • 11
  • 15
  • I know the server is running, I can make a SSH connection, but it rejects my password every time. I should have mentioned that initially, sorry. – Nik Jul 14 '11 at 12:54
  • 1
    are u using the root account or normal account? does /var/log/auth.log say something in particular? – Goez Jul 14 '11 at 13:22
  • @Nik root or non-root seconded. and what about putting your `/etc/ssh/sshd_config` on pastebin so we can see it? – Michael Lowman Jul 14 '11 at 13:55
  • @Michael I don't quite understand what you mean. It won't let me log on with the user I created during the installation, but I have not explicitly enabled the root user (though I have successfully run `sudo` commands. I have added the config to my post. – Nik Jul 14 '11 at 13:59
  • @Nic, could u paste a bit of output from /var/log/auth.log and your /etc/ssh/sshd_config to pastebin? this way we can see if it is a configuration error or not – Goez Jul 14 '11 at 14:02
  • @Nik well, I was asking if the issue was because you were using the root user and a config that didn't allow that. But that doesn't apply here, unfortunately – Michael Lowman Jul 14 '11 at 14:04
  • I have posted the log. – Nik Jul 14 '11 at 14:08
  • your config seems ok. Try to ssh with verbose mode: ssh -v user@host or run sshd in debug mode (/etc/init.d/ssh stop ; /usr/sbin/sshd -d) and try to log in again. See if it gives some usefull information. Possible lame fix: try to change your password on the server , and then try to re-login. – Goez Jul 14 '11 at 14:22
  • I have changed my password on the server with no luck. – Nik Jul 14 '11 at 15:24
0

Try commenting out the "AcceptEnv LANG LC_*"

I had a similar issue too where it opened the session but then give an auth failure. This fixed it.

OPENSSH SFTP-SERVER authentication failure

Community
  • 1
the_server_woes
  • 23
  • 1
  • 1
  • 4
  • Hi, could you please write out what you were trying to say? Nothing in the FAQ seems relevant. Was it a problem with the link... the FAQ said it's ok if it has context... which I assume it being a potential answer would bring. The FAQ even tells me that it is good to bring answers, even if they are only partial. – the_server_woes May 09 '13 at 03:46
  • Yeah the link helps. It was a bit cryptic earlier when I was reviewing it, but in looking at it again and looking at the question I see what you were suggesting to the OP. Thanks for you attention to this! – slm May 09 '13 at 03:50