SSH access doesn't work

modem

Verified User
Joined
Apr 7, 2004
Messages
396
Hello all,

I noticed this issue today after a client brought it to my attention. I had created a custom package for a friend of mine who is needing a breif period of hosting for a project at his college. Anyway I gave him the things he needed when setting up the package such as CGI, PHP, and SSH. However he IM'd me this morning letting me know that everything works except he can *not* get into SSH. He gets access denied messages, even when typing the password in correctly.

Well I went into my WebMin software and checked the OpenSSH (3.6.1) module where I can access the settings for SSH via a GUI area. It only showed root and admin users having access to SSH, so I decided to manually add this friend of mine to that list.

Upon exiting out of Webmin and trying to login via SSH as this user, it still would *not* log in. I continually got Access Denied messages.

Is this a bug in DirectAdmin?

Bradley
 
Last edited:
Is the username listed in the "AllowedUsers" list in /etc/ssh/sshd_config ?

Is the user able to login to the DA control panel with his username/password?

modem said:
Is this a bug in DirectAdmin?
Maybe, but I would guess not. Since you are running WebMin alongside DirectAdmin who knows what could go wrong? Besides, the ssh service is running independently from DA so I can't think of anything at the moment that would point the finger to DirectAdmin as the cause of the problem. Even if you shut down DA you would still be able to use ssh. As far as DA is concerned the only thing that it's responsible for is adding/removing the user from the AllowedUsers list in sshd_config. If that works than DA has done its job.
Unless I'm overlooking something in which case I'm sure someone will come along and correct me ;)
 
Last edited:
Thanks for finding my grammatical mistake. I corrected that.

I checked the sshd_config file only to find that it has not added entries to the AllowedUsers line like it should have.

The Webmin software is something that works great with DA, it allows me to view config files and such without having to use a terminal to access the system when I'm away from my desk.
 
So enabling/disabling the 'SSH' option of the useraccount does not add/remove that user from the "AllowedUsers" list in sshd_config? Hm, that would explain why your friend can't login if his account name isn't listed.
What are the file and owner access rights of sshd_config ? Maybe DA can't modify the file? (just thinking out loud)


modem said:
The Webmin software is something that works great with DA, it allows me to view config files and such without having to use a terminal to access the system when I'm away from my desk.
I remember reading the other thread you started about running WebMin alongside DA and that you found it works well together. I only mentioned it because I can imagine that it could potentially cause problems, running two control panels simultaneously I mean, both trying to administer the same server? Not that I'm aware of any incompatibilities, it's more a feeling really.
 
Last edited:
I checked the sshd_config file and it's owned by root/root with 644 permissions. If that should be changed, what should it be changed too?
 
I checked it on my server and it's the same as yours so I guess that's not the problem. I'm afraid I'm out of ideas on this one, sorry.
 
How do I run an SSH command?

Hello,

I would like to know how I can run an SSH command on the server
I need it for the google sitemap to run a command that looks like this:

python sitemap_gen.py --config=<path/config.xml
to add it to my two sites:


Pixels4Animals
Pixels4Diabetes

Thanks
 
Last edited:
Your example doesn't look like an ssh command so I'm not sure what you mean.

the man ssh command will give you lots of information.

Jeff
 
python sitemap_gen.py --config=<path/config.xml

That is a valid command using a Bash shell - if python is installed and in the user path.

However, if you are not root, chances are that command wont work - you'll need to have the server administrator run it for you.

If you are root, you can find where python is installed by typing "which python" and it'll reveal the path

# which python
/usr/bin/python

so at the bash prompt:

#/usr/bin/python/python sitemap_gen.py --config=<path/config.xml

would be the command
 
I'm not the root cause it's not my server it's my host company,
Is there a way to put this code in a CGI/PERL page and let it run by opening the page?
 
Let me hijack this thread since its aptly named for my problem. :)

SSH access doesnt work for anyone but root, but I've checked the /etc/ssh/sshd_config and the users are added there, i've checked the /etc/passwd file and they are added there, they can log into DA, i can login as root and change user to one of them, it gives an error of the password being wrong but it does change the user.

But when you try to login as anyone but root directly (in putty) you either get: "Server unexpectedly closed the network connection" or Access denied.

I've tried changing passwords with the passwd command to make sure i got the right password but it makes no difference.

Is there some security setting i have on that i dont know about? Any ideas of where i could check? I have one personal server with centos5 and DA setup and one at work with the same setup, the problem is the same at both of them and at least on the one at work i know there hasnt been any security tune up done of any kind, it should all just be standard settings.
 
Let me hijack this thread since its aptly named for my problem. :)
That's often not a good idea.
SSH access doesnt work for anyone but root, but I've checked the /etc/ssh/sshd_config and the users are added there
Do you mean they're added with the AddUser directive?
I've checked the /etc/passwd file and they are added there, they can log into DA, i can login as root and change user to one of them, it gives an error of the password being wrong but it does change the user.
Are the users in the /etc/shadow file?
Is there some security setting i have on that i dont know about? Any ideas of where i could check? I have one personal server with centos5 and DA setup and one at work with the same setup, the problem is the same at both of them and at least on the one at work i know there hasnt been any security tune up done of any kind, it should all just be standard settings.
Something isn't being maintained properly.

Perhaps DirectAdmin Support will be able to help you if you got your licenses from them. Perhaps you'll need to hire an experienced System Administrator to look into your system to see what might be wrong. You should probably have someone experienced do some security auditing and perhaps tightening as well, and perhaps that same someone could figure out the problem at the same time.

Jeff
 
That's often not a good idea.

Do you mean they're added with the AddUser directive?

Are the users in the /etc/shadow file?

Something isn't being maintained properly.

Perhaps DirectAdmin Support will be able to help you if you got your licenses from them. Perhaps you'll need to hire an experienced System Administrator to look into your system to see what might be wrong. You should probably have someone experienced do some security auditing and perhaps tightening as well, and perhaps that same someone could figure out the problem at the same time.

Jeff

I've added users with the adduser directive and it makes no difference, but i meant users added by directadmin.

Yes, they're in the shadow file.

I guess i can ask DA support since at least on one of them pretty much all thats been done is install DA on a virgin, freshly installed CentOS 5, while the other has had the security auditing you're talking about.

Thanks, was just hoping it was something easily fixed.
 
It probably is. But without looking at your server I can't tell what the easy fix might be, and since I charge to look at servers I recommend DirectAdmin Support first :).

Jeff
 
Back
Top