Home

Results 1 to 9 of 9

Thread: sshd access denied

  1. #1
    Join Date
    Dec 2007
    Posts
    131

    sshd access denied

    Hello,

    I have a problem with a Netware 6.5.7 server. I can't get SSH to work. I have a problem with authentication. When I want to try to login I get an Access Denied error. Novell LDAP is up and running.

    Here is my config file :

    # $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
    # NWConfVersion = 21

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

    Port 22
    Protocol 2
    ListenAddress 0.0.0.0
    #ListenAddress ::

    # HostKey for protocol version 1
    HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768

    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    LogLevel INFO
    LogPath sys:/etc/ssh/logs
    LogMaxRotateFiles 7
    LogMaxFileSize 4
    LogRotationInterval 24

    # Authentication:

    LoginGraceTime 600
    #PermitRootLogin yes
    #StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /etc/ssh/keys/authorized_keys

    # Change to yes if you don't trust /etc/ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    IgnoreUserKnownHosts no

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication yes
    #PermitEmptyPasswords no

    # Change to no to disable s/key passwords
    ChallengeResponseAuthentication yes

    ClientAliveInterval 10
    ClientAliveCountMax 6
    KeepAlive yes
    Compression yes

    # no default banner path
    #Banner /some/path

    # override default of no subsystems
    Subsystem sftp SYS:/SYSTEM/sftp-svr.nlm

    #eDir (Novell Directory Services) specific options
    eDirNameContext o=bibliotheek

    # Multi server navigation, default yes
    # yes, path is /servername/volume/dirpath
    # no, path is /volume/dirpath
    DoSFTPMultiServerNavigation yes

    # Ignore users home dir unless on destination server, default no
    IgnoreRemoteHomeDir no

    # Proxy user and password for ldap searches, useful when
    # anon binds are disabled. Name must be fully qualified
    ProxyName cn=ldappxy,o=bibliotheek
    ProxyPassword

    # Allow SSH console session access, default yes
    AllowSSHSessions yes

    # Restrict users to their home directory and below, default no
    RestrictToHomeDir no

    # File that contains list of users that are not restricted
    UnrestrictFile /etc/ssh/unrestrict.txt

    # Ignore all eDir home directory settings, use defaults settings, default no
    IgnoreAllHomeDir no

    # Default settings for user without a home directory
    # or when IgnoreAllHomeDir is yes, no defaults
    #DefaultUserHomeDir /public
    #DefaultUserHomeVolume sys
    #DefaultUserHomeServer rhost

    # File name transactions are done using UTF8
    # default no
    SSHDSendUTF8FileNames no

    # UTF8 file names to clients in this space separated aware list if
    # SSHDSendUTF8FileNames is 'yes'. If SSHDSendUTF8FileNames 'yes' and
    # this list is empty then all clients are considered UTF8 aware.
    #UTF8AwareClients WinSCP_release_3.7.6

    # Space separated list of CommonName:FullDistinguishName pairs. Common name
    # used during login will be converted to the FDN for authentication purposes.
    # No default, maximum of 16
    eDirNameContext OU=centrale.O=Bibliotheek
    eDirNameContext OU=Personeel.OU=centrale.O=Bibliotheek

    What could be the problem? I have an other server and that one is running fine.

    John

  2. #2
    Join Date
    Dec 2007
    Posts
    131

    Re: sshd access denied

    Problem solved it was an invallid certificate. If have one other problem now if I login I get an error :

    login as: admin
    admin@192.168.30.12's password:

    Only users with supervisor rights to this server can access console screens.
    Press any key to disconnect.

    Admin user has supervisor rights to the server object. Verry strange.

  3. #3
    Join Date
    Nov 2007
    Location
    The Aaland Islands N60 E20
    Posts
    6,984

    Re: sshd access denied

    Try adding the user to the server under the "Operators" tab. Does it
    work then?

    - Anders Gustafsson (Sysop)
    The Aaland Islands (N60 E20)


    Novell has a new enhancement request system,
    or what is now known as the requirement portal.
    If customers would like to give input in the upcoming
    releases of Novell products then they should go to
    http://www.novell.com/rms


  4. #4
    Join Date
    Dec 2007
    Posts
    131

    Re: sshd access denied

    I have added the user admin to operators but still no result.

  5. #5
    Join Date
    Nov 2007
    Location
    The Aaland Islands N60 E20
    Posts
    6,984

    Re: sshd access denied

    Jslegers,
    > I have added the user admin to operators but still no result.
    >

    OK. Have you checked with SDIDIAG that your server keys are OK?

    - Anders Gustafsson (Sysop)
    The Aaland Islands (N60 E20)


    Novell has a new enhancement request system,
    or what is now known as the requirement portal.
    If customers would like to give input in the upcoming
    releases of Novell products then they should go to
    http://www.novell.com/rms


  6. #6
    Join Date
    Dec 2007
    Posts
    131

    Re: sshd access denied

    I have started SDIDIAG but there were no errors found.

  7. #7
    Join Date
    Nov 2007
    Location
    The Aaland Islands N60 E20
    Posts
    6,984

    Re: sshd access denied

    Jslegers,
    > I have started SDIDIAG but there were no errors found.
    >

    OK. No ideas then. Let me ask around, but just for laughs, have you
    tried another user? HAs it ever worked? Have you changed any of the
    settings in The sshd_config file is located in sys\etc\ssh\?

    - Anders Gustafsson (Sysop)
    The Aaland Islands (N60 E20)


    Novell has a new enhancement request system,
    or what is now known as the requirement portal.
    If customers would like to give input in the upcoming
    releases of Novell products then they should go to
    http://www.novell.com/rms


  8. #8
    Join Date
    Dec 2007
    Posts
    131

    Re: sshd access denied

    Hi AndersG,

    We have tried with an other user and same problem. It has worked. Server is reinstalled due to harddisk crash.

    John

  9. #9
    Join Date
    Nov 2007
    Location
    The Aaland Islands N60 E20
    Posts
    6,984

    Re: sshd access denied

    Jslegers,
    > We have tried with an other user and same problem. It has worked.
    > Server is reinstalled due to harddisk crash.
    >

    OK. Let me ask.

    - Anders Gustafsson (Sysop)
    The Aaland Islands (N60 E20)


    Novell has a new enhancement request system,
    or what is now known as the requirement portal.
    If customers would like to give input in the upcoming
    releases of Novell products then they should go to
    http://www.novell.com/rms


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •