Date: Thu, 20 Oct 2005 14:26:01 +0200 From: Olaf Greve <o.greve@axis.nl> To: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Weird SSH problem... Any ideas?!? Message-ID: <43578CD9.9020309@axis.nl> In-Reply-To: <Pine.LNX.4.64.0510201218070.18028@shannon.math.ku.dk> References: <435767E5.7020002@axis.nl> <Pine.LNX.4.64.0510201218070.18028@shannon.math.ku.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, > Some things to try, in sshd_config set: > > PrintLastLog=no > LogLevel=DEBUG Tnx a lot, this did the trick!!! I first tried it without the "PrintLastLog no" command, and with a proper AllowUsers line and that still didn't allow the login over SSH. Then, adding that "PrintLastLog no" line (and again restarting SSHD) indeed did the trick! I do notice something weird though, which I also noticed from a warning Amavisd-new has given me: for some reason unpriviliged users do not seem to "see" their login name, but rather only their UID, when performing a "whoami" call?!? For my account that's in the wheel group and for the root account "whoami" properly returns the right name, but other users only see their UID. Any ideas why that can be, and if that can be fixed as well? > try toggling with AllowGroups and AllowUsers this is good for security > also as you can deny system users or groups login and restrict users > to login only from specific hosts, see the manpage for more options. No luck, but I was going to do this anyway, so that addition has been made too now. > Also try: > lastlog <user that cannot login> Hmmm, there is no binary called 'lastlog' on my system. There is /usr/sbin/lastlogin though, so I'm assuming that is the one you referred too? Well, when calling that function with the user name, or the matching ID, it results in the following: lastlogin 1026 lastlogin: user '1026' not found However, when calling the same stuff (using the user names) as root, I do see entries perfectly well... >> -This does not happen when "su -" ing to the user's account from the >> box itself. > > > Note, there is a differens between su'ing and logging in. Can you > login? Dunno. My machine is located at a server farm and at present I cannot physically step behind it to do a console login, so I have to rely on SSH for logging in. Alright, so the issue in itself has been resolved, but I would like to see this "whoami" issue (if indeed it is an issue) fixed. Anyone any ideas on that one? Cheers! Olafo
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43578CD9.9020309>