Date:      Thu, 20 Oct 2005 14:26:01 +0200
From:      Olaf Greve <o.greve@axis.nl>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Weird SSH problem... Any ideas?!?
Message-ID:  <43578CD9.9020309@axis.nl>
In-Reply-To: <Pine.LNX.4.64.0510201218070.18028@shannon.math.ku.dk>
References:  <435767E5.7020002@axis.nl> <Pine.LNX.4.64.0510201218070.18028@shannon.math.ku.dk>

Hi,

 > Some things to try, in sshd_config set:
 >
 > PrintLastLog=no
 > LogLevel=DEBUG


Tnx a lot, this did the trick!!! I first tried it without the 
"PrintLastLog no" command, and with a proper AllowUsers line and that 
still didn't allow the login over SSH. Then, adding that "PrintLastLog 
no" line (and again restarting SSHD) indeed did the trick!

I do notice something weird though, which I also noticed from a warning 
Amavisd-new has given me: for some reason unprivileged users do not seem 
to "see" their login name, but rather only their UID, when performing a 
"whoami" call?!?
For my account that's in the wheel group and for the root account 
"whoami" properly returns the right name, but other users only see their 
UID. Any ideas why that can be, and if that can be fixed as well?

 > try toggling with AllowGroups and AllowUsers; this is good for security
 > also, as you can deny system users or groups login and restrict users
 > to login only from specific hosts. See the manpage for more options.


No luck, but I was going to do this anyway, so that addition has been 
made too now.

 > Also try:
 > lastlog <user that cannot login>


Hmmm, there is no binary called 'lastlog' on my system. There is 
/usr/sbin/lastlogin though, so I'm assuming that is the one you referred 
to?

Well, when calling that function with the user name, or the matching ID, 
it results in the following:
lastlogin 1026
lastlogin: user '1026' not found

However, when calling the same stuff (using the user names) as root, I 
do see entries perfectly well...

 >> -This does not happen when "su -" ing to the user's account from the
 >> box itself.
 >
 >
 > Note, there is a difference between su'ing and logging in. Can you
 > login?


Dunno. My machine is located at a server farm and at present I cannot 
physically step behind it to do a console login, so I have to rely on 
SSH for logging in.

Alright, so the issue in itself has been resolved, but I would like to 
see this "whoami" issue (if indeed it is an issue) fixed.

Anyone any ideas on that one?

Cheers!
Olafo


