SSH: PAM authentication error for myuser from IP

S

soulviasound

Hi,

I have a problem and can't figure out how to resolve:

I just installed a FreeBSD 8.3 on virtualbox with bridge option as network adapter and I get this message when I try to connect to machine via SSH from a local network machine, I get this message:

Code: 
error: PAM : authentication error for usertest from 192.168.178.26

But when I try to connect via SSH directly from machine, everything work great.

Right now /etc/ssh/sshd_conf is in the default state, but I have tried to enable:

Code: 
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes

without any succes. So I have revert to default.

Any sugestions
 
Are you sure you are connecting to the right sshd (I mean to the guest machine's and not to the host's machine)? If so, are you able to connect to the guest sshd from the host machine? Give us some network settings on both machines.
 
Thank you for reply mamlos,

Since the FreeBSD (guest) machine work on a bridge adaptor, it have it's own IP (in this case 192.168.178.28), so I'm sure and I also don't run any SSH server on host (would refuse connection).

In fact when I said a "from local network machine", I refereed to the HOST terminal.

ifconfig for HOST (OSX):

Code: 
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 90:2b:34:30:53:09 
	inet6 fe80::922b:34ff:fe30:5309%en0 prefixlen 64 scopeid 0x4 
	inet 192.168.178.26 netmask 0xffffff00 broadcast 192.168.178.255
	media: autoselect (1000baseT <full-duplex>)
	status: active

ifconfig for guest (FreeBSD):

Code: 
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 08:00:27:3f:07:23 
	inet6 fe80::922b:34ff:fe30:5309%em0 prefixlen 64 scopeid 0x4 
	inet 192.168.178.28 netmask 0xffffff00 broadcast 192.168.178.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
 
The error message comes from /var/log/auth.log of FreeBSD? If not, what are the error messages of this file? Are you sure you're using correct username and or password for testuser? There is no good reason why an ssh connection should work for some network nodes and not work for others, unless it's a firewall issue. But since you're connecting to the machines ssh port, then it can't be that.

Lastly, have you tried a NATed configuration with port redirection to see if that works?
 
I found the problem, but still with have some questions.

The password contained "(" character and I use a german layout keyboard. I changed to a simple password and it worked. Even so, in my OSX terminal I see exactly what I type, I tried to type the password in a non hide field and it's ok. OSX terminal shouldn't send exactly what I see ? I manage another Free BSD server with same keyboard, same terminal and it worked great.

I tried different keyboard layouts on the problematic Free BSD (even it doesn't make sense), same error.

Any ideea ? It's there a "Follow system keyboard layout" option for SSH ?

Thank's for help.
 
I want to mention that I have tested the password with others SSH clients, SSH app for iOS and Putty: same problem.

I even changed the keyboards layouts on SSH client. Same error.
 
Sorry for multi post. I don't see any edit button.

And what it's stranger. When I type the password directly on server (not remote), it worked even if I change the FreeBSD keyboard layout.

Lets say the original password is:
Code: 
password(

If i switch to US layout and type it like I would be in german layout, the password become:
Code: 
password*

Why the hell it accept it as a valid password ?
 
I'd suggest you start another thread for your new questions (someone may help you that is unaware about SSH questions), and to be honest, if I were you, I'd use key-based authentication with SSH and not password based (except if it is needed for some un-explainable reason).
 
Thank you. I will start another thread, I'm very curios about this problem.

Yes, usually I use SSH key with passphrase, but because I can't copy/paste public key without a remote terminal, I wanted to connect remote and then copy/paste the public key.
 
I understand...but for that matter you can use a password not containing these "infamous" characters and move on with this problem.

Good luck.
 
You must log in or register to reply here.
Back
Top