This discussion is archived
8 Replies Latest reply: Nov 2, 2011 8:23 AM by Dude! RSS

ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio

733470 Newbie
Currently Being Moderated
All
ssh session suddenly closed after successfully login.
Linux server integrated to Active Directory , joined domain , pulled all users and groups from domain.
When user from AD tries to login using ssh , it gives below errors and closes SSH session.

/var/log/secure
sshd[7092]: pam_unix(sshd:session): session opened for user
sshd[7092]: pam_unix(sshd:session): session closed for user
Does anyone know how to fix this issues.
thanks
  • 1. Re: ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio
    Dude! Guru
    Currently Being Moderated
    You should at least provide the product and the distribution and version of Linux you are using This may not be the right forum. Perhaps you would like to give "Likewise Open" a try, which is a free Open Source product and apparently simplifies the task to join Linux and other systems to AD.
  • 2. Re: ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio
    733470 Newbie
    Currently Being Moderated
    Linux = OEL 5.7 Integrating to Active Directory on Windows 2008 server .
    Hardware = Dell Blades on X86

    Problem Description: Linux (OEL5.7) SSH login fails with pam_unix(sshd:session): session closed for user.
    Linux server 2.6.18-274.3.1.0.1.el5 is integrated to Active Directory and joined the domain. The server can pull user and groups from Active Directory.

    While Active Directory users try to login to Linux through SSH , it throws below error on /var/log/secure and closes the session immediately.

    Error:
    Nov 1 12:54:30 LNTTARITETSDB1 sshd[7092]: pam_unix(sshd:session): session opened for user rmokkala by (uid=0)
    Nov 1 12:54:42 LNTTARITETSDB1 sshd[7092]: pam_unix(sshd:session): session closed for user rmokkala

    Thanks in advance.
  • 3. Re: ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio
    Dude! Guru
    Currently Being Moderated
    You problem might be related to PAM configuration requirements.. Do you use winbind? I suggest to try:
     ssh -v -v <user@ip_or_server_dns>
    ...and see at which stage it fails.
  • 4. Re: ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio
    733470 Newbie
    Currently Being Moderated
    It successfully allows me to login to Linux server and then throws me out of SSH session. Please see below commands.


    [root@LNTTAVMRITEBJ2 ~]# pam_tally2 -u rmokkala
    Login Failures Latest failure From
    rmokkala 0

    [root@LNTTAVMRITEBJ2 ~]# faillog -u rmokkala
    Login Failures Maximum Latest On
    rmokkala 0 0 12/31/69 18:00:00 -0600


    thanks in advance.
  • 5. Re: ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio
    Dude! Guru
    Currently Being Moderated
    pam_tally2 is typically used in /etc/pam.d/system-auth to lock an account after failed logins.

    To unlock an account use e.g. "pam_tally2 -r -u oracle"

    Pl see my previous response.

    Also I wonder about rmokkala and uid=0, which must be used by root only. How did you make rmokkala=UID 0?
  • 6. Re: ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio
    733470 Newbie
    Currently Being Moderated
    Here is ssh -v -v output


    [root@LNTTAVMRITEBJ2 ~]# ssh -v -v -v kneal@172.20.50.42

    OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

    debug1: Reading configuration data /etc/ssh/ssh_config

    debug1: Applying options for *

    debug2: ssh_connect: needpriv 0

    debug1: Connecting to 172.20.50.42 [172.20.50.42] port 22.

    debug1: Connection established.

    debug1: permanently_set_uid: 0/0

    debug1: identity file /root/.ssh/identity type -1

    debug1: identity file /root/.ssh/id_rsa type -1

    debug1: identity file /root/.ssh/id_dsa type -1

    debug1: loaded 3 keys

    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3

    debug1: match: OpenSSH_4.3 pat OpenSSH*

    debug1: Enabling compatibility mode for protocol 2.0

    debug1: Local version string SSH-2.0-OpenSSH_4.3

    debug2: fd 3 setting O_NONBLOCK

    debug1: SSH2_MSG_KEXINIT sent

    debug1: SSH2_MSG_KEXINIT received

    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

    debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit: first_kex_follows 0

    debug2: kex_parse_kexinit: reserved 0

    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se

    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

    debug2: kex_parse_kexinit: none,zlib@openssh.com

    debug2: kex_parse_kexinit: none,zlib@openssh.com

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit:

    debug2: kex_parse_kexinit: first_kex_follows 0

    debug2: kex_parse_kexinit: reserved 0

    debug2: mac_init: found hmac-md5

    debug1: kex: server->client aes128-ctr hmac-md5 none

    debug2: mac_init: found hmac-md5

    debug1: kex: client->server aes128-ctr hmac-md5 none

    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

    debug2: dh_gen_key: priv key bits set: 116/256

    debug2: bits set: 525/1024

    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

    debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts

    debug3: check_host_in_hostfile: match line 1

    debug1: Host '172.20.50.42' is known and matches the RSA host key.

    debug1: Found key in /root/.ssh/known_hosts:1

    debug2: bits set: 507/1024

    debug1: ssh_rsa_verify: signature correct

    debug2: kex_derive_keys

    debug2: set_newkeys: mode 1

    debug1: SSH2_MSG_NEWKEYS sent

    debug1: expecting SSH2_MSG_NEWKEYS

    debug2: set_newkeys: mode 0

    debug1: SSH2_MSG_NEWKEYS received

    debug1: SSH2_MSG_SERVICE_REQUEST sent

    debug2: service_accept: ssh-userauth

    debug1: SSH2_MSG_SERVICE_ACCEPT received

    debug2: key: /root/.ssh/identity ((nil))

    debug2: key: /root/.ssh/id_rsa ((nil))

    debug2: key: /root/.ssh/id_dsa ((nil))

    debug1: Authentications that can continue: publickey,gssapi-with-mic,password

    debug3: start over, passed a different list publickey,gssapi-with-mic,password

    debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password

    debug3: authmethod_lookup gssapi-with-mic

    debug3: remaining preferred: publickey,keyboard-interactive,password

    debug3: authmethod_is_enabled gssapi-with-mic

    debug1: Next authentication method: gssapi-with-mic

    debug3: Trying to reverse map address 172.20.50.42.

    debug1: Unspecified GSS failure. Minor code may provide more information

    No credentials cache found



    debug1: Unspecified GSS failure. Minor code may provide more information

    No credentials cache found



    debug1: Unspecified GSS failure. Minor code may provide more information

    No credentials cache found



    debug2: we did not send a packet, disable method

    debug3: authmethod_lookup publickey

    debug3: remaining preferred: keyboard-interactive,password

    debug3: authmethod_is_enabled publickey

    debug1: Next authentication method: publickey

    debug1: Trying private key: /root/.ssh/identity

    debug3: no such identity: /root/.ssh/identity

    debug1: Trying private key: /root/.ssh/id_rsa

    debug3: no such identity: /root/.ssh/id_rsa

    debug1: Trying private key: /root/.ssh/id_dsa

    debug3: no such identity: /root/.ssh/id_dsa

    debug2: we did not send a packet, disable method

    debug3: authmethod_lookup password

    debug3: remaining preferred: ,password

    debug3: authmethod_is_enabled password

    debug1: Next authentication method: password

    kneal@172.20.50.42's password:

    debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)

    debug2: we sent a password packet, wait for reply

    debug1: Authentication succeeded (password).

    debug1: channel 0: new [client-session]

    debug3: ssh_session2_open: channel_new: 0

    debug2: channel 0: send open

    debug1: Entering interactive session.

    debug2: callback start

    debug2: client_session2_setup: id 0

    debug2: channel 0: request pty-req confirm 0

    debug3: tty_make_modes: ospeed 38400

    debug3: tty_make_modes: ispeed 38400

    debug3: tty_make_modes: 1 3

    debug3: tty_make_modes: 2 28

    debug3: tty_make_modes: 3 127

    debug3: tty_make_modes: 4 21

    debug3: tty_make_modes: 5 4

    debug3: tty_make_modes: 6 0

    debug3: tty_make_modes: 7 0

    debug3: tty_make_modes: 8 17

    debug3: tty_make_modes: 9 19

    debug3: tty_make_modes: 10 26

    debug3: tty_make_modes: 12 18

    debug3: tty_make_modes: 13 23

    debug3: tty_make_modes: 14 22

    debug3: tty_make_modes: 18 15

    debug3: tty_make_modes: 30 0

    debug3: tty_make_modes: 31 0

    debug3: tty_make_modes: 32 0

    debug3: tty_make_modes: 33 0

    debug3: tty_make_modes: 34 0

    debug3: tty_make_modes: 35 0

    debug3: tty_make_modes: 36 1

    debug3: tty_make_modes: 37 0

    debug3: tty_make_modes: 38 1

    debug3: tty_make_modes: 39 0

    debug3: tty_make_modes: 40 0

    debug3: tty_make_modes: 41 0

    debug3: tty_make_modes: 50 1

    debug3: tty_make_modes: 51 1

    debug3: tty_make_modes: 52 0

    debug3: tty_make_modes: 53 1

    debug3: tty_make_modes: 54 1

    debug3: tty_make_modes: 55 1

    debug3: tty_make_modes: 56 0

    debug3: tty_make_modes: 57 0

    debug3: tty_make_modes: 58 0

    debug3: tty_make_modes: 59 1

    debug3: tty_make_modes: 60 1

    debug3: tty_make_modes: 61 1

    debug3: tty_make_modes: 62 0

    debug3: tty_make_modes: 70 1

    debug3: tty_make_modes: 71 0

    debug3: tty_make_modes: 72 1

    debug3: tty_make_modes: 73 0

    debug3: tty_make_modes: 74 0

    debug3: tty_make_modes: 75 0

    debug3: tty_make_modes: 90 1

    debug3: tty_make_modes: 91 1

    debug3: tty_make_modes: 92 0

    debug3: tty_make_modes: 93 0

    debug1: Sending environment.

    debug3: Ignored env HOSTNAME

    debug3: Ignored env TERM

    debug3: Ignored env SHELL

    debug3: Ignored env HISTSIZE

    debug3: Ignored env SSH_CLIENT

    debug3: Ignored env SSH_TTY

    debug3: Ignored env USER

    debug3: Ignored env LS_COLORS

    debug3: Ignored env MAIL

    debug3: Ignored env PATH

    debug3: Ignored env is_legal

    debug3: Ignored env INPUTRC

    debug3: Ignored env PWD

    debug1: Sending env LANG = en_US.UTF-8

    debug2: channel 0: request env confirm 0

    debug3: Ignored env SSH_ASKPASS

    debug3: Ignored env SHLVL

    debug3: Ignored env HOME

    debug3: Ignored env LOGNAME

    debug3: Ignored env SSH_CONNECTION

    debug3: Ignored env LESSOPEN

    debug3: Ignored env DISPLAY

    debug3: Ignored env G_BROKEN_FILENAMES

    debug3: Ignored env _

    debug2: channel 0: request shell confirm 0

    debug2: fd 3 setting TCP_NODELAY

    debug2: callback done

    debug2: channel 0: open confirm rwindow 0 rmax 32768

    debug2: channel 0: rcvd adjust 2097152

    Last login: Tue Nov 1 16:46:46 2011 from nttapcirds2.ntta.local

    Login denied!



    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0

    debug2: channel 0: rcvd eof

    debug2: channel 0: output open -> drain

    debug2: channel 0: obuf empty

    debug2: channel 0: close_write

    debug2: channel 0: output drain -> closed

    debug2: channel 0: rcvd close

    debug2: channel 0: close_read

    debug2: channel 0: input open -> closed

    debug3: channel 0: will not send data after close

    debug2: channel 0: almost dead

    debug2: channel 0: gc: notify user

    debug2: channel 0: gc: user detached

    debug2: channel 0: send close

    debug2: channel 0: is dead

    debug2: channel 0: garbage collecting

    debug1: channel 0: free: client-session, nchannels 1

    debug3: channel 0: status: The following connections are open:

    #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)



    debug3: channel 0: close_fds r -1 w -1 e 6 c -1

    Connection to 172.20.50.42 closed.

    debug1: Transferred: stdin 0, stdout 0, stderr 36 bytes in 5.3 seconds

    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 6.8

    debug1: Exit status 0



    ________________________
  • 7. Re: ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio
    733470 Newbie
    Currently Being Moderated
    The userid is not 0.

    please see /etc/samba/smb.conf file

    uid
    uid=16811058(rmokkala) gid=16777729(domain users) groups=16777729(domain users),16782536(ntta-everyone)


    /etc/samba/smb.conf file

    workgroup = X
    password server = 10.100.220.161 10.100.220.162 10.100.220.163 10.100.220.164
    realm = X.LOCAL
    security = ads
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/bash
    winbind use default domain = yes
    winbind offline logon = true
    winbind enum users = yes
    winbind enum groups = yes
    obey pam restrictions = yes
    allow trusted domains = no
    idmap backend = rid:x.local=16777216-33554431
  • 8. Re: ssh session suddenly closed after successfully login.- pam_unix(sshd:sessio
    Dude! Guru
    Currently Being Moderated
    It seems the error you are receiving is "login denied". Do you have access restrictions defined, e.g. etc/ssh/sshd_config?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points