[Solved] Ssh Login Rejected : authentication error for illegal user

mrfontana · #1 February 6th, 2009, 18:02

Hello all, I am having a problem with the lastest production release(7.1). When logging in through ssh, I am able to do it for the first few times, but then after that, my login keeps getting rejected with this error.

Code:

sshd[852]:error:pam:authentication error for illegal user

I have added AllowUsers with the correct user to the sshd_config files and restarted the server several times, yet my login is still being rejected. Any ideas as to what could be causing this?

graudeejs · #2 February 6th, 2009, 20:39

Have you changed default password encryption algorithm (/etc/auth.conf and /etc/login.conf) recently? (i had some problems with pam in past, i think it was due to my hardening, but i'm not sure)

----
I use public key authentication... works great btw.
http://forums.freebsd.org/showthread.php?t=1508

mrfontana · #3 February 6th, 2009, 21:01

Nope, everything is default from a fresh install. It worked once or twice, then it just stopped

anomie · #4 February 6th, 2009, 22:35

Quote:

Originally Posted by mrfontana

When logging in through ssh, I am able to do it for the first few times, but then after that, my login keeps getting rejected with this error.

Do you mean it worked following initial installation but then stopped working, and has not worked since? Or do you mean it works sporadically, but only for a few tries, and then it stops working for awhile?

Quote:

Originally Posted by mrfontana

Code:

sshd[852]:error:pam:authentication error for illegal user

Is that the entire message from auth.log? What user are you trying to log in as? What sort of client software are you using?

mrfontana · #5 February 6th, 2009, 23:07

I logged in like 3 times since the install, then it started and still does deny my login with the response to my client "Access Denied". I am using Putty as my client. The exact message I am getting from the auth.log is:

Code:

Invalid user bob from 192.168.1.50
error:PAM:authentication for illegal-user bob from windows-machine-name
Failed keyboard-interactive/pam for invalid user from 192.168.1.50 port 2982 ssh2

bob is the user I am trying to login with. It's a member of wheel if that helps.

anomie · #6 February 6th, 2009, 23:34

I'd be curious to see the output from a couple commands:

# egrep -i 'allow|deny' /etc/ssh/sshd_config

# grep 'bob' /etc/passwd

(I am also assuming you've reloaded or restarted sshd following and config file changes.)

johnblue · #7 February 6th, 2009, 23:53

Quote:

Originally Posted by anomie

I'd be curious to see the output from a couple commands:

Agreed. An invalid user is an invalid user. Here are some SSH hammer attempts from my auth.log:

Code:

Feb  5 21:41:27 Invalid user james from 208.96.162.136
Feb  5 21:41:28 Invalid user austin from 208.96.162.136
Feb  5 21:41:29 Invalid user jackson from 208.96.162.136
Feb  5 21:41:30 Invalid user justin from 208.96.162.136
Feb  5 21:41:31 Invalid user brandon from 208.96.162.136
Feb  5 21:41:32 Invalid user john from 208.96.162.136

mrfontana · #8 February 7th, 2009, 00:46

Absolutely right. I ran the command and found out the user was bob1 and I had added bob to the AllowUsers. Thanks for the help and sorry for wasting everyone's time with my noob mistake.

graudeejs · #9 February 7th, 2009, 00:58

small things make big difference

johnblue · #10 February 7th, 2009, 03:40

Quote:

Originally Posted by mrfontana

Thanks for the help and sorry for wasting everyone's time with my noob mistake.

I think most normal people associated with BSD are here to help and so no apologies are needed, but ya need to give props to anomie for helping ya with those grep statements.

mrfontana · #11 February 7th, 2009, 15:37

Yeah, big thanks to Anomie, those statements wrapped it up pretty quick. Great work. I am going to still checkout that guide for using keys, thanks to killasmurf86 as well.

malsaie · #12 February 12th, 2012, 11:57

[ Warning: bad and unsafe advice follows. -- Mod. ]

To enable SSH on FreeBSD

# vi /etc/ssh/sshd_config

Code:

PermitRootLogin no----> yes

:wq

# /etc/rc.d/sshd restart

kpa · #13 February 12th, 2012, 12:22

1) You're replying to a 3 year old thread

2) Your advice is dangerous unless your network is properly isolated from the hostile internet, do not enable ssh root login unless there's a good reason to.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
[Solved] SSH + LDAP + Public key authentication - can it be done?	dvdmandt	Web & Network Services	5	February 17th, 2011 09:09
How do get SSH login to work with authentication through OpenLDAP?	olav	Web & Network Services	2	December 15th, 2010 23:37
[Solved] SSH situation and authentication.	dragos240	Installing & Upgrading	4	September 23rd, 2010 03:10
[Solved] [XFCE] can´t login as root. Only as (standar) user can login.	rokpa92	Other Window Managers	17	September 11th, 2009 13:13
Authentication with SSH keys	dennylin93	Web & Network Services	3	July 30th, 2009 13:56