Today I got a strange ssh problem which got me scratching my head a couple of times.
On a CentOS 5 server I tried to use a ssh key exchange for a ssh login. The key was correctly installed and the permissions on .ssh and the authorized_keys file were set correctly.
But as soon as I tried to log in from the remote machine, I got the following error:
$ ssh nagios@centosmachine
Connection closed by centosmachine
On the centosmachine, I followed the logs and in /var/log/secure the following error messages were logged:
Jul 29 08:24:14 centosmachine sshd: pam_access(sshd:account): access denied for user `nagios' from `nagiosserver'
Jul 29 08:24:14 centosmachine sshd: fatal: Access denied for user nagios by PAM account configuration
At first I expected a missing "AllowUsers" entry in /etc/ssh/sshd_config, but there were no such entries, meaning all local users should be allowed. I also tested if I could locally switch to the nagios user and simulate a login, which was working fine. So there are no permission problems on the home directory either.
Eventualy I came across a blog entry on andyhan.net. It seems that he had a similar issue a while ago and he pointed me to the correct file: /etc/security/access.conf.
I compared this file with other CentOS servers to which nagios was able to connect to and indeed, there was the following line missing:
+ : nagios : nagiosserver
As soon as I added this line, therefore allowing the nagios user from nagiosserver, the nagios user was able to connect via ssh again.
Maxy from wrote on Jun 29th, 2016:
Thanks mate, this helped me to fix my issue.
Timo from wrote on Apr 6th, 2016:
Thanks, this was EXACTLY my issue with a Ubuntu 14.04 VM.
adastra from wrote on Feb 25th, 2016:
Thanks for this, it saved me some time!
AWS Android Ansible Apache Apple Atlassian Automation BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Container Containers CouchDB DB DNS Database Databases Docker ELK ElasticSearch Elasticsearch Filebeat FreeBSD GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb2 InfluxDB Internet Java Kibana Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher SSL Security Shell SmartOS Solaris Surveillance SystemD TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder