unable to login via ssh with non-root user

Started by srich, April 12, 2021, 08:46:25 PM

Hello,
  I am able to login via ssh as root using password for login.  I have created a group with super-user privileges and a member user with super-user privileges for testing purposes.  The tester via the webgui indicates a successful login attempt, but when I login, I receive a message of the form: 'NO LOGINS: System going down at 22:15 / Administrator refusing you: /var/run/login'  When I login as root, I can switch user to the account I created.  The .login file for my user indicates it is using csh for its login script, as I had set up via the webgui.  My intent is to eventually have normal users be able to sftp to and from the machine, but am unable to do so now because of this limitation.  Has anyone experienced this issue previously, and does anyone know of a fix or what I have done incorrectly to create the issue?
Thanks in advance.

I made a typo in my original post.  I am only able to login via SSH as root, and not as any other user including a user with super-user privileges.  I am running version 21.1.4.  If anyone has any insight into what I might be doing incorrectly, please let me know.
Thanks

Hi srich,

You need to assign a shell to this user in their settings.


Cheers,
Franco

Hello,
  I did assign csh, yet I still have the problem.  The user's home directory has a  .cshrc file and a .login file indicating that the shell is set correctly (I think), but I still get the issue. 
Thanks

Did you set a login group in System>Settings>Administration>Secure Shell?

Create a group, add the user to the group and allow that and wheel to login.

Alternatively you can use the admins group, and just set Wheel,Admins

I included the group in login groups for secure shell originally.  The etc/passwd file includes the user with the appropriate home directory and shell; however, above that there is the following entry:
'sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin'  Could this be overriding any users which are listed after that?

That is normal. Should not affect anything.

Just make sure the account in question that you setup is correct.

To recap

Create a user account. Create a group account (i.e. sshaccess).

Edit user account to have a shell (personally I just use /bin/sh). Add user to group in same page. Add the authorized key if you have one.

Go to System>Settings>Administration>Secure Shell

set the access to wheel,sshaccess

If you aren't using key authentication (you should), check the box to allow password logins. Save.

I did all of the above, and still have the issue.  I know that I set up the group and the users correctly because I can see the appropriate entries in /etc/passwd (for the shell) and /usr/local/etc/ssh/sshd for the group.  Something else seems to be amiss.

April 14, 2021, 11:39:08 PM #8 Last Edit: April 14, 2021, 11:41:40 PM by scot
Is the shell listed next to the user account name in /etc/passwd?
IE:

cat /etc/passwd | grep username

username:*:uid:gid::/home/username:/bin/sh


And similar in /etc/group

cat /etc/group | grep username

groupname:*:gid:username1,username2


I just changed my user to use /bin/csh over /bin/sh. It still works. FWIW I am on 21.1.4 OpenSSL as of today. 21.1.3_3 previously. Originally installed/upgraded from 20.7
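
An offline version of the checks walked through in the posts above, as an added example that is not part of the original thread: it reads passwd, group and sshd_config files and also tests for a nologin file, which on FreeBSD refuses non-root logins for as long as it exists. The function name, its arguments and the sample data are assumptions for illustration; on a live system the last argument would be the path named in the refusal message.

```shell
#!/bin/sh
# Added example: offline check of what this thread inspects by hand.
# Usage: ssh_login_check USER PASSWD GROUP SSHD_CONFIG NOLOGIN_FILE
# Prints one finding per line; returns 0 only if nothing blocks the login.
ssh_login_check() {
    user=$1 passwd=$2 group=$3 conf=$4 nologin=$5 rc=0
    # 1. Account entry: primary gid (4th field) and login shell (7th field).
    entry=$(awk -F: -v u="$user" '$1 == u { print $4 ":" $7 }' "$passwd")
    if [ -z "$entry" ]; then echo "FAIL: $user not in $passwd"; return 1; fi
    gid=${entry%%:*} shell=${entry#*:}
    case $shell in
        */nologin|*/false) echo "FAIL: shell '$shell' refuses logins"; rc=1 ;;
        *) echo "ok: shell ${shell:-/bin/sh (default for an empty field)}" ;;
    esac
    # 2. Groups of the user: primary (matched by gid) plus supplementary.
    groups=$(awk -F: -v u="$user" -v g="$gid" '
        $3 == g { print $1; next }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$group")
    # 3. AllowGroups: when set, sshd admits only members of a listed group.
    #    Exact names only; sshd also accepts wildcard patterns (not handled).
    allowed=$(awk 'tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$conf")
    if [ -n "$allowed" ]; then
        hit=""
        for g in $groups; do
            for a in $allowed; do if [ "$g" = "$a" ]; then hit=$g; fi; done
        done
        if [ -n "$hit" ]; then echo "ok: AllowGroups matches $hit"
        else echo "FAIL: $user is in no AllowGroups group"; rc=1; fi
    fi
    # 4. A nologin file refuses non-root logins regardless of sshd settings.
    if [ -e "$nologin" ]; then echo "FAIL: $nologin exists"; rc=1; fi
    return $rc
}

# Constructed sample data mirroring the entries posted in this thread.
d=$(mktemp -d)
echo 'testuser:*:2001:65534:Test User:/home/testuser:/bin/csh' > "$d/passwd"
echo 'family:*:2000:scott,testuser' > "$d/group"
echo 'AllowGroups wheel family' > "$d/sshd_config"
ssh_login_check testuser "$d/passwd" "$d/group" "$d/sshd_config" "$d/nologin"
rm -rf "$d"
```

A supplementary group is enough to satisfy AllowGroups, so the sample account passes the first three checks; only the nologin file check can still fail for it.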

etc/group:
family:*:2000:scott,testuser
etc/passwd:
testuser:*:2001:65534:Test User:/home/testuser:/bin/csh

/usr/local/etc/ssh/sshd:
AllowGroups wheel family

Both user scott and user testuser encounter the same issue.


So if you run

cat /etc/group | grep scott

What is the output?

Same for

cat /etc/group | grep testuser


Also is PasswordAuthentication set to yes or no in /usr/local/etc/ssh/sshd_config?

They are the same:

family:*:2000:scott,testuser

password authentication is set to yes:

/usr/local/etc/ssh/sshd_config:
AllowGroups wheel family
PermitRootLogin yes
ChallengeResponseAuthentication yes
PasswordAuthentication yes


OPNsense uses its own PAM module and stores users in a separate database. You did create all settings through the UI, right? Adding a user manually to password and group files won't work.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I did everything through the UI per the instructions on the site.  I just verified the settings after the fact.