Hello,
I have several Freeipa clients and a Freeipa server (4.2.4-1.fc23).
3 of them are causing trouble. No user can log into them either through lightdm or via ssh from another desktop.
Here user smith is trying to connect to amelia from doe's account:
[doe@nina ~] $ ssh smith@amelia
smith@amelia's password:
Permission denied, please try again.
smith@amelia's password:
Permission denied, please try again.
smith@amelia's password:
packet_write_wait: Connection to UNKNOWN port 0: Broken pipe
Below are some logs when user 'smith' is trying to log in on desktop 'amelia', one of those 3 desktops:
And user 'smith' has no problem loging in other desktops.
User 'smith' will eventually be able to login later today without me doing anything to fix this.
Any idea how I can fix this problem?
Thank you
Best regards,
Fuji
----------------------------------------
# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2016-04-08 08:08:30 CEST; 3 days ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 1337 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1344 (sshd)
CGroup: /system.slice/sshd.service
└─1344 /usr/sbin/sshdApr 11 08:27:29 amelia.opera sshd[5007]: Connection closed by 10.0.21.200 port 49700 [preauth]
Apr 11 08:51:21 amelia.opera sshd[5707]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys root failed, status 1
Apr 11 08:51:21 amelia.opera sshd[5707]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys root failed, status 1
Apr 11 08:51:21 amelia.opera sshd[5707]: Accepted publickey for root from 10.0.21.200 port 50798 ssh2: RSA SHA256:kur/vJcNV6ksMFGaMzN9eqhBUMertS7cvRZqU64dMCk
Apr 11 08:52:30 amelia.opera sshd[5791]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.21.200 user=smith
Apr 11 08:52:30 amelia.opera sshd[5791]: pam_sss(sshd:auth): received for user smith: 4 (System error)
Apr 11 08:52:30 amelia.opera sshd[5791]: Failed password for smith from 10.0.21.200 port 50830 ssh2
Apr 11 09:04:26 amelia.opera sshd[6924]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.21.200 user=smith
Apr 11 09:04:26 amelia.opera sshd[6924]: pam_sss(sshd:auth): received for user smith: 4 (System error)
Apr 11 09:04:26 amelia.opera sshd[6924]: Failed password for smith from 10.0.21.200 port 51440 ssh2Apr 11 09:05:03 amelia.opera sshd[6924]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.21.200 user=smith
Apr 11 09:05:03 amelia.opera sshd[6924]: pam_sss(sshd:auth): received for user smith: 4 (System error)
Apr 11 09:05:03 amelia.opera sshd[6924]: pam_reauthorize: couldn't set permissions on kernel key: reauthorize/secret/smith: Permission denied
Apr 11 09:05:03 amelia.opera sshd[6924]: Failed password for smith from 10.0.21.200 port 51440 ssh2----------------------------------------
in /var/log/secure:
Apr 11 08:50:54 amelia lightdm: pam_sss(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=smith
Apr 11 08:50:54 amelia lightdm: pam_sss(lightdm:auth): received for user smith: 4 (System error)
Apr 11 08:51:21 amelia sshd[5707]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys root failed, status 1
Apr 11 08:51:21 amelia sshd[5707]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys root failed, status 1
Apr 11 08:51:21 amelia sshd[5707]: Accepted publickey for root from 10.0.21.200 port 50798 ssh2: RSA SHA256:kur/vJcNV6ksMFGaMzN9eqhBUMertS7cvRZqU64dMCk
Apr 11 08:51:21 amelia sshd[5707]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 11 08:52:30 amelia sshd[5791]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.21.200 user=smith
Apr 11 08:52:30 amelia sshd[5791]: pam_sss(sshd:auth): received for user smith: 4 (System error)
Apr 11 08:52:30 amelia sshd[5791]: Failed password for smith from 10.0.21.200 port 50830 ssh2
Apr 11 08:55:02 amelia systemd: pam_unix(systemd-user:session): session opened for user pcp by (uid=0)
----------------------------------------
in /var/log/message:
Apr 11 08:52:27 amelia audit: CRYPTO_KEY_USER pid=5792 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:3c:91:77:85:c3:d9:70:e2:de:f1:d6:8d:f6:7d:c3:0c:f8:1b:33:70:79:c0:56:55:8c:7e:09:79:ba:c2:8b:a4 direction=?
spid=5792 suid=0 exe="/usr/sbin/sshd" hostname=? addr=10.0.21.200 terminal=? res=success'
Apr 11 08:52:27 amelia audit: CRYPTO_KEY_USER pid=5792 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:92:c4:7d:59:e2:e5:56:47:d1:7c:e9:2a:f9:d6:45:9e:5d:90:7c:59:2c:28:6f:32:1d:88:8e:25:cc:3c:44:a7 direction=?
spid=5792 suid=0 exe="/usr/sbin/sshd" hostname=? addr=10.0.21.200 terminal=? res=success'
Apr 11 08:52:27 amelia audit: CRYPTO_KEY_USER pid=5792 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=SHA256:fb:2b:9b:15:d6:87:b7:d9:f3:05:19:a4:56:ce:13:e4:88:44:03:90:94:4c:e7:2c:28:81:60:b5:f2:e1:2e:be direction=?
spid=5792 suid=0 exe="/usr/sbin/sshd" hostname=? addr=10.0.21.200 terminal=? res=success'
Apr 11 08:52:27 amelia audit: CRYPTO_SESSION pid=5791 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=5792 suid=
74 rport=50830 laddr=10.0.21.210 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.21.200 terminal=? res=success'
Apr 11 08:52:27 amelia audit: CRYPTO_SESSION pid=5791 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=chacha20-poly1305@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256@libssh.org spid=5792 suid=
74 rport=50830 laddr=10.0.21.210 lport=22 exe="/usr/sbin/sshd" hostname=? addr=10.0.21.200 terminal=? res=success'
Apr 11 08:52:27 amelia audit: USER_AUTH pid=5791 uid=0 auid=4294967295 ses=4294967295 msg='op=pubkey acct="smith" exe="/usr/sbin/sshd" hostname=? addr=10.0.21.200 terminal=ssh res=failed'
Apr 11 08:52:30 amelia [sssd[krb5_child[5795]]]: Error constructing AP-REQ armor: Ticket not yet valid
Apr 11 08:52:30 amelia [sssd[krb5_child[5795]]]: Error constructing AP-REQ armor: Ticket not yet valid
Apr 11 08:52:30 amelia audit: USER_AUTH pid=5791 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="smith" exe="/usr/sbin/sshd" hostname=10.0.21.200 addr=10.0.21.200 terminal=ssh res=failed'
Apr 11 08:52:30 amelia audit: USER_AUTH pid=5791 uid=0 auid=4294967295 ses=4294967295 msg='op=password acct="smith" exe="/usr/sbin/sshd" hostname=? addr=10.0.21.200 terminal=ssh res=failed'