cannot su user nor ssh user - Setup


  1. cannot su user nor ssh user

    I created the user "operator" but cannot ssh nor su to the computer.
    Please help.

    I created the passwd by the "openssl passwd -1" command.

    # useradd operator -p "\$1\$nrKQ3Kh3\$2xfjrejrejreklffdfdpj/" -s /bin/bash -u 0 -o -g 0
    # mkdir -p /home/operator
    # chage -d 0 operator

    # echo "AllowUsers operator" >> /etc/ssh/sshd_config

    Then I restart the sshd daemon.

    $ ssh operator@172.20.11.46
    operator@172.20.11.46's password:
    Permission denied, please try again.

    # tail -n 30 /var/log/secure
    ....
    Jul 9 14:50:52 rose sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.20.11.46 user=operator
    Jul 9 14:50:54 rose sshd[899]: Failed password for operator from 172.20.11.46 port 38341 ssh2

    $ su operator
    Password:
    su: incorrect password


  2. Re: cannot su user nor ssh user

    wong_powah@yahoo.ca wrote:
    > I created the user "operator" but cannot ssh nor su to the computer.
    > Please help.
    >
    > I created the passwd by the "openssl passwd -1" command.
    >
    > # useradd operator -p "\$1\$nrKQ3Kh3\$2xfjrejrejreklffdfdpj/" -s /bin/bash -u 0 -o -g 0
    > # mkdir -p /home/operator
    > # chage -d 0 operator
    >
    > # echo "AllowUsers operator" >> /etc/ssh/sshd_config
    >
    > Then I restart the sshd daemon.
    >
    > $ ssh operator@172.20.11.46
    > operator@172.20.11.46's password:
    > Permission denied, please try again.
    >
    > # tail -n 30 /var/log/secure
    > ...
    > Jul 9 14:50:52 rose sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.20.11.46 user=operator
    > Jul 9 14:50:54 rose sshd[899]: Failed password for operator from 172.20.11.46 port 38341 ssh2
    >
    > $ su operator
    > Password:
    > su: incorrect password
    >


    Try
    su -
    password:
    passwd operator
    :

  3. Re: cannot su user nor ssh user

    On Jul 11, 3:13 am, The Natural Philosopher wrote:
    > wong_po...@yahoo.ca wrote:
    > > I created the user "operator" but cannot ssh nor su to the computer.
    > > Please help.

    >
    > > I created the passwd by the "openssl passwd -1" command.

    >
    > > # useradd operator -p "\$1\$nrKQ3Kh3\$2xfjrejrejreklffdfdpj/" -s /bin/bash -u 0 -o -g 0
    > > # mkdir -p /home/operator
    > > # chage -d 0 operator

    >
    > > # echo "AllowUsers operator" >> /etc/ssh/sshd_config

    >
    > > Then I restart the sshd daemon.

    >
    > > $ ssh opera...@172.20.11.46
    > > opera...@172.20.11.46's password:
    > > Permission denied, please try again.

    >
    > > # tail -n 30 /var/log/secure
    > > ...
    > > Jul 9 14:50:52 rose sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.20.11.46 user=operator
    > > Jul 9 14:50:54 rose sshd[899]: Failed password for operator from 172.20.11.46 port 38341 ssh2

    >
    > > $ su operator
    > > Password:
    > > su: incorrect password

    >
    > Try
    > su -
    > password:
    > passwd operator
    > :


    I can change the password but cannot ssh (I tried both old and new
    password).

    $ su -
    Password:

    # passwd operator
    Changing password for user operator.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.

    $ ssh operator@172.20.11.46
    operator@172.20.11.46's password:
    Permission denied, please try again.
    operator@172.20.11.46's password:


  4. Re: cannot su user nor ssh user

    wong_powah@yahoo.ca wrote:
    > On Jul 11, 3:13 am, The Natural Philosopher wrote:
    >> wong_po...@yahoo.ca wrote:
    >>> I created the user "operator" but cannot ssh nor su to the computer.
    >>> Please help.
    >>> I created the passwd by the "openssl passwd -1" command.
    >>> # useradd operator -p "\$1\$nrKQ3Kh3\$2xfjrejrejreklffdfdpj/" -s /bin/bash -u 0 -o -g 0
    >>> # mkdir -p /home/operator
    >>> # chage -d 0 operator
    >>> # echo "AllowUsers operator" >> /etc/ssh/sshd_config
    >>> Then I restart the sshd daemon.
    >>> $ ssh opera...@172.20.11.46
    >>> opera...@172.20.11.46's password:
    >>> Permission denied, please try again.
    >>> # tail -n 30 /var/log/secure
    >>> ...
    >>> Jul 9 14:50:52 rose sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.20.11.46 user=operator
    >>> Jul 9 14:50:54 rose sshd[899]: Failed password for operator from 172.20.11.46 port 38341 ssh2
    >>> $ su operator
    >>> Password:
    >>> su: incorrect password

    >> Try
    >> su -
    >> password:
    >> passwd operator
    >> :

    >
    > I can change the password but cannot ssh (I tried both old and new
    > password).
    >
    > $ su -
    > Password:
    >
    > # passwd operator
    > Changing password for user operator.
    > New UNIX password:
    > Retype new UNIX password:
    > passwd: all authentication tokens updated successfully.
    >
    > $ ssh operator@172.20.11.46
    > operator@172.20.11.46's password:
    > Permission denied, please try again.
    > operator@172.20.11.46's password:
    >


    Right. It's a different message this time tho. Password is OK..but...

    ...It either doesn't have 'operator', or your incoming IP address as an
    allowable entity.

    I don't run ssh so can't help with config file details.

  5. Re: cannot su user nor ssh user

    On Wed, 11 Jul 2007 06:35:14 -0700, wong_powa wrote:

    >> wong_po...@yahoo.ca wrote:


    >> > # useradd operator -p "\$1\$nrKQ3Kh3\$2xfjrejrejreklffdfdpj/" -s /bin/bash -u 0 -o -g 0
    >> > # mkdir -p /home/operator
    >> > # chage -d 0 operator


    That is a completely bogus method of creating a user account. According
    to useradd(8) the login name is *last*, you failed to specify the
    account's home directory and create it and you have done something rather
    stupid by creating an additional root account.

    > $ ssh operator@172.20.11.46
    > operator@172.20.11.46's password:
    > Permission denied, please try again.
    > operator@172.20.11.46's password:


    In /etc/ssh/sshd_config what does this line look like:

    PermitRootLogin no


  6. Re: cannot su user nor ssh user

    On 2007-07-11, Dave Uhring wrote:
    > On Wed, 11 Jul 2007 06:35:14 -0700, wong_powa wrote:
    >
    >>> wong_po...@yahoo.ca wrote:

    >
    >>> > # useradd operator -p "\$1\$nrKQ3Kh3\$2xfjrejrejreklffdfdpj/" -s /bin/bash -u 0 -o -g 0
    >>> > # mkdir -p /home/operator
    >>> > # chage -d 0 operator

    >
    > That is a completely bogus method of creating a user account. According
    > to useradd(8) the login name is *last*,


    Most GNU/Linux utilities can have the options anywhere on the line.

    > you failed to specify the account's home directory and create it


    According to the version on my system, specifying the home
    directory is optional.

    Note that useradd is not standardized, and there could be dozens of
    versions in the wild, all with different syntax and options.

    > and you have done something rather stupid by creating an additional
    > root account.


    There's nothing stupid about it; it is the normal method of
    creating a different shell environment for a superuser.


    --
    Chris F.A. Johnson, author |
    Shell Scripting Recipes: | My code in this post, if any,
    A Problem-Solution Approach | is released under the
    2005, Apress | GNU General Public Licence

  7. Re: cannot su user nor ssh user

    On Wed, 11 Jul 2007 15:33:12 -0400, Chris F.A. Johnson wrote:

    > On 2007-07-11, Dave Uhring wrote:


    >> That is a completely bogus method of creating a user account. According
    >> to useradd(8) the login name is *last*,

    >
    > Most GNU/Linux utilities can have the options anywhere on the line.


    Slackware-11.0

    useradd [-c comment] [-d home_dir]
    [-e expire_date] [-f inactive_time]
    [-g initial_group] [-G group[,...]]
    [-m [-k skeleton_dir]] [-o] [-p passwd]
    [-s shell] [-u uid] login

    Ubuntu Server

    useradd [options] LOGIN

    CentOS release 4.4 (Final)

    useradd [-c comment] [-d home_dir]
    [-e expire_date] [-f inactive_time]
    [-g initial_group] [-G group[,...]]
    [-m [-k skeleton_dir] | -M] [-n] [-o] [-p passwd] [-r] [-l]
    [-s shell] [-u uid] login

    Seems to me that the login name is last in all three examples.

    >> you failed to specify the account's home directory and create it

    >
    > According to the version on my system, specifying the home
    > directory is optional.


    What is the error message when a homeless user logs in?

    > Note that useradd is not standardized, and there could be dozens of
    > versions in the wild, all with different syntax and options.


    The three examples I posted probably cover just about all distros.

    >> and you have done something rather stupid by creating an additional
    >> root account.

    >
    > There's nothing stupid about it; it is the normal method of
    > creating a different shell environment for a superuser.


    Giving attackers an additional root account and password merely *doubles*
    the probability of system compromise.
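
Replies 5 and 7 turn on two facts: "-u 0 -o" creates a second root login, and sshd applies PermitRootLogin to any account whose UID is 0, whatever its name. The audit below checks for both; it is an added example, not part of the original thread. The function names and sample file contents are constructed for illustration, and Match blocks and Include files are not followed.

```shell
#!/bin/sh
# Added example: find extra UID-0 accounts and the sshd setting that governs them.

# Print every login name in a passwd-format file whose UID is 0, except "root".
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print the value of the first uncommented, whitespace-separated
# PermitRootLogin line (sshd uses the first value it reads), or "unset".
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Report each extra UID-0 account with the PermitRootLogin value sshd will
# apply to it. $1 = passwd file, $2 = sshd_config file.
audit() {
    prl=$(permit_root_login "$2")
    uid0_accounts "$1" | while read -r name; do
        echo "$name: uid 0 duplicate of root; PermitRootLogin=$prl applies"
    done
}

# Constructed sample files modelled on the thread (not real system files).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
operator:x:0:0::/home/operator:/bin/bash
EOF
cat > "$tmp/sshd_config" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
AllowUsers operator
EOF

audit "$tmp/passwd" "$tmp/sshd_config"
```

On a live system the same functions can be pointed at /etc/passwd and /etc/ssh/sshd_config; any name the first function prints is an additional root-equivalent login to review.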

