Kerberos and SSH login

Question

I've just configured a RHEL 7 for windows authentication (idmap_ad).

Every check works but if i try to ssh with a domain user i get the error:

Connection closed by ::1

Here follows the ssh log in debug mode:

Jul 22 11:16:02 SERVER sshd[7720]: Received signal 15; terminating.
Jul 22 11:16:03 SERVER sshd[7897]: Set /proc/self/oom_score_adj from 0 to -1000
Jul 22 11:16:03 SERVER sshd[7897]: debug1: Bind to port 22 on 0.0.0.0.
Jul 22 11:16:03 SERVER sshd[7897]: Server listening on 0.0.0.0 port 22.
Jul 22 11:16:03 SERVER sshd[7897]: debug1: Bind to port 22 on ::.
Jul 22 11:16:03 SERVER sshd[7897]: Server listening on :: port 22.
Jul 22 11:16:09 SERVER sshd[7897]: debug1: Forked child 7902.
Jul 22 11:16:09 SERVER sshd[7902]: Set /proc/self/oom_score_adj to 0
Jul 22 11:16:09 SERVER sshd[7902]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Jul 22 11:16:09 SERVER sshd[7902]: debug1: inetd sockets after dupping: 3, 3
Jul 22 11:16:09 SERVER sshd[7902]: Connection from ::1 port 44497
Jul 22 11:16:09 SERVER sshd[7902]: debug1: Client protocol version 2.0; client software version OpenSSH_6.4
Jul 22 11:16:09 SERVER sshd[7902]: debug1: match: OpenSSH_6.4 pat OpenSSH*
Jul 22 11:16:09 SERVER sshd[7902]: debug1: Enabling compatibility mode for protocol 2.0
Jul 22 11:16:09 SERVER sshd[7902]: debug1: Local version string SSH-2.0-OpenSSH_6.4
Jul 22 11:16:09 SERVER sshd[7902]: debug1: SELinux support enabled [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: permanently_set_uid: 74/74 [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: list_hostkey_types: ssh-rsa,ecdsa-sha2-nistp256 [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: SSH2_MSG_KEXINIT received [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: KEX done [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: userauth-request for user USER service ssh-connection method none [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: attempt 0 failures 0 [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: PAM: initializing for "USER"
Jul 22 11:16:09 SERVER sshd[7902]: debug1: PAM: setting PAM_RHOST to "localhost"
Jul 22 11:16:09 SERVER sshd[7902]: debug1: PAM: setting PAM_TTY to "ssh"
Jul 22 11:16:09 SERVER sshd[7902]: debug1: userauth-request for user USER service ssh-connection method gssapi-with-mic [preauth]
Jul 22 11:16:09 SERVER sshd[7902]: debug1: attempt 1 failures 0 [preauth]
Jul 22 11:16:12 SERVER sshd[7902]: debug1: userauth-request for user USER service ssh-connection method password [preauth]
Jul 22 11:16:12 SERVER sshd[7902]: debug1: attempt 2 failures 0 [preauth]
Jul 22 11:16:12 SERVER sshd[7902]: debug1: temporarily_use_uid: 4294967295/4294967295 (e=0/0)
Jul 22 11:16:12 SERVER sshd[7902]: fatal: initgroups: USER: Invalid argument
Jul 22 11:16:12 SERVER sshd[7902]: debug1: do_cleanup
Jul 22 11:16:12 SERVER sshd[7902]: debug1: PAM: cleanup
Jul 22 11:16:12 SERVER sshd[7902]: debug1: Killing privsep child 7903

Then, please, add the `passwd` line of your `/etc/nsswitch.conf` to your question, you should be able to access local and remote databases. — dawud, Jul 22 '14 at 10:20
passwd: files sss winbind shadow: files sss winbind group: files sss winbind — Alberto Tallone, Jul 22 '14 at 10:27
passwd: db files sss winbind shadow: db files sss winbind group: db files sss winbind — Alberto Tallone, Jul 22 '14 at 10:28

Kerberos and SSH login

0 Answers0