sshd misconfiguration in 4.3 machines
From fhernand@cs.unc.edu Sat Sep 8 19:25:33 2001
Date: Sat, 08 Sep 2001 18:59:19 -0400
From: Felix Hernandez
To: dirt@cs.unc.edu
Subject: sshd and PAM in 4.3 machines
Hi,
Almost all our 4.3 machines do not accept ssh connections due to a
misconfiguration. Any connection attempt in one of these machines will
result in the following error messages:
root@pericles (root)$ ssh -l fhernand octavius10
fhernand@octavius10's password:
Connection to octavius10 closed by remote host.
Connection to octavius10 closed.
and the following entries added to /var/log/messages in the machine
receiving the connection attempt:
Sep 8 13:06:54 pericles sshd[24652]: no modules loaded for `sshd'
service
Sep 8 13:06:54 pericles sshd[24652]: fatal: PAM session setup failed
[6]: Permission denied
Sep 8 13:06:54 pericles sshd[24652]: no modules loaded for `sshd'
service
The cause of this behavior is a recent change in sshd. This daemon has
been reimplemented using the PAM libraries, and therefore, sshd
authentication must be explicitly enabled in /etc/pam.conf. Although
the 4.3 default installation does this, one of our installation scripts
was relying in an old version of pam.conf that did not include rules
concerning sshd. As a consequence, /etc/pam.conf must be updated in all
our 4.3 machines in order to accept ssh connections. The easiest way to
do this is to run
cp /usr/dirt/dist/pam.conf.4.3 /etc/pam.conf
Felix Hernandez