sshd on a minimal Linux: "Failed password for invalid user root"
Solution 1
I suppose you must have solved your problem long time ago by now?
I have the same type of setup but on Debian, not Fedora, minimal linux no PAM etc and stumbled on this problem. google wasn't helpful, after downloading open SSH sources I found that sshd, in absence of PAM uses a glibc function, getpwnam()
, in the authentication process. This function, no doubt, is super generic and helpful in any type of environment but it would not resort to checking the /etc/passwd
and friends if libnss_files.so.*
wasn't installed.
Adding this library to my minimal linux fixed the problem for me. I'm curious to know the reason in your case?
Solution 2
Perhaps you didn't see this comment in the default sshd_config
file?
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
On Fedora and Red Hat, you must enable PAM authentication.
Related videos on Youtube
Divius
Updated on September 18, 2022Comments
-
Divius over 1 year
I'm trying to start SSH server on a minimal Fedora installation. And I mean really minimal: one that is produced by diskimage-builder ramdisk builder. It does not even have users (absent
/etc/passwd
etc).So, now I'm trying to run sshd on such a system. During the build I copy
/etc/
{passwd
,group
,shadow
} from a minimal (hmm.. less minimal) system. I also pregenerate host keys andsshd_config
:PermitRootLogin yes UsePAM no UseDNS no UsePrivilegeSeparation no PasswordAuthentication yes HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key HostKey /etc/ssh/ssh_host_ecdsa_key
(full script). In the ramdisk I set root password via chpasswd and start SSHd with
/sbin/sshd -p $SSH_PORT
(
SSH_PORT
being 22 for now - default one). And after the ramdisk boots and reports back, I try to log in. Here fun starts:debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: password [email protected]'s password: debug1: Authentications that can continue: publickey,password,keyboard-interactive Permission denied, please try again. [email protected]'s password:
In ssh logs on a server I see
debug1: userauth-request for user root service ssh-connection method password Could not get shadow information for NOUSER Failed password for invalid user root from 192.0.2.1 port 38734 ssh2
So despite everything I tried, user '
root
' stays invalid. Any ideas are appreciated. -
Divius about 9 yearsThere's no PAM on these ramdisks. Also "cause several problems" does not mean "ok, we broke everything in a strange way" to me...
-
Divius about 9 yearssorry, but that does not. There was authentication in Unix much before PAM was invented. And presence of UsePAM=no option definitely says that sshd should work without it somehow...