Ok,
How about:
(my sentences start with -, the rest I found on google search: ssh permission denied
redhat)
- permissions on the home directories
- permissions on the shadow file (at least 400)
- create a new user right now, and try using it
- PAM (pluggable authentication module) may be installed. I've heard it's a default
on redhat. Is there a /etc/pam.d/sshd file? Here's a clip from a site:
If you build from the rpm source file with rpm --rebuild and then
install from the new i386 file found in /usr/src/redhat/RPMS/i386 the
default /etc/pam.d/sshd file gets created correctly, and no
problem.
* * *
There is a file in the OpenSSH source in the contrib/redhat subdirectory
named `sshd.pam'. You could just copy that to /etc/pam.d/sshd. There
is also an init script in that directory appropriate for placing in
/etc/rc.d/init.d
I may as well point out my (hopefully current) instructions for building
OpenSSL/OpenSSH: http://umn.edu/~hick0088/files/openssh-howto.html
- another clipit from the same page:
I found I can still use hosts.deny and hosts.allow as with telnet and
ftp. /etc/hosts.deny should deny everyone ALL: ALL and
/etc/hosts.allow should have a line like
sshd: <ipaddr> , <name>, <whatever> (or)
sshd: LOCAL, .localdomain whatever
* * *
Yes, although the OpenSSH daemon does not start from TCP wrappers, it
does compile in libwrap.a(?) which allows it to read the
/etc/hosts.allow and /etc/hosts.deny.
-Cory
On Thu, Dec 28, 2000 at 01:22:23PM -0800, Staley Mims wrote:
> I disabled the contents of hosts.deny. I can ftp fine to 127.0.0.1,
> also to the specific IP address, as well as to the FQDN.
>
> The telnet line in /etc/services and /etc/inetd.conf is identical
> to another machine that is functioning.
>
> When I ssh the server adds the host key and requests the user pw,
> then reports "Permission denied".
>
> Woody
>
> On Thu, 28 Dec 2000, Cory Petkovsek wrote:
>
> > You shouldn't be able to ssh in as root either (by the default setup). Can
> > you ssh/telnet locally? IE (ssh 127.0.0.1) to the redhat box?
> >
> > Do you think your hosts.deny saying all except telnet may be interfering
> > with ssh?
> >
> > What if you temporarily try another login service like an ftp server. And
> > try temporarily disabling your hosts.deny.
> >
> > The default install of 6.2 allows telnet connections (unless there is some
> > security level like on mandrake. I don't remember if there is). So
> > something has been changed to disable telnet. Root shouldn't be allowed to
> > log in remotely through telnet by the /etc/securetty file.
> >
> > Cory
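
The checks listed at the top of this message (shadow and home directory permissions, /etc/pam.d/sshd, hosts.allow and hosts.deny), as an added shell example that is not part of the original thread. Function names are hypothetical, `stat -c` assumes GNU coreutils, and the wrappers check only looks for a line naming sshd or ALL, not whether the client pattern on that line matches.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# Every check takes a path, so it can be tried on a constructed tree first.

# perm_bits FILE: print octal permission bits (GNU stat); fails if FILE is absent.
perm_bits() { stat -c '%a' "$1" 2>/dev/null; }

# shadow_verdict FILE: "at least 400" is read here as owner-read being set;
# any group/other access is reported separately.
shadow_verdict() {
    m=$(perm_bits "$1") || { echo missing; return; }
    if [ $(( 0$m & 0400 )) -eq 0 ]; then echo no-owner-read
    elif [ $(( 0$m & 0077 )) -ne 0 ]; then echo group-or-other-access
    else echo ok; fi
}

# home_verdict DIR: with StrictModes on (the OpenSSH default), sshd ignores
# authorized_keys under a home directory writable by group or other.
home_verdict() {
    m=$(perm_bits "$1") || { echo missing; return; }
    if [ $(( 0$m & 0022 )) -ne 0 ]; then echo group-or-other-writable
    else echo ok; fi
}

# wrappers_verdict ROOT: hosts.allow is consulted before hosts.deny, so a
# line naming sshd (or ALL) there wins over "ALL: ALL" in hosts.deny.
wrappers_verdict() {
    pat='^[[:space:]]*(sshd|ALL)[[:space:]]*:'
    if grep -Eqs "$pat" "$1/etc/hosts.allow"; then echo allow-rule
    elif grep -Eqs "$pat" "$1/etc/hosts.deny"; then echo denied
    else echo no-rule; fi
}

# sshd_login_checks ROOT HOME: one line per item on the checklist.
sshd_login_checks() {
    root=${1%/}
    if [ -f "$root/etc/pam.d/sshd" ]; then echo "pam: present"
    else echo "pam: missing"; fi
    echo "shadow: $(shadow_verdict "$root/etc/shadow")"
    echo "home: $(home_verdict "$2")"
    echo "tcp-wrappers: $(wrappers_verdict "$root")"
}

# Usage: sh this-file / /home/someuser   (run as root so /etc/shadow can be read)
if [ "$#" -ge 2 ]; then sshd_login_checks "$1" "$2"; fi
```

A "denied" result with no matching hosts.allow line corresponds to the "ALL: ALL" setup described in the clip, where sshd needs its own line in hosts.allow.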