Today I got a strange ssh problem which got me scratching my head a couple of times.
On a CentOS 5 server I tried to use a ssh key exchange for a ssh login. The key was correctly installed and the permissions on .ssh and the authorized_keys file were set correctly.
But as soon as I tried to log in from the remote machine, I got the following error:
$ ssh nagios@centosmachine
Connection closed by centosmachine
On the centosmachine, I followed the logs and in /var/log/secure the following error messages were logged:
Jul 29 08:24:14 centosmachine sshd: pam_access(sshd:account): access denied for user `nagios' from `nagiosserver'
Jul 29 08:24:14 centosmachine sshd: fatal: Access denied for user nagios by PAM account configuration
At first I expected a missing "AllowUsers" entry in /etc/ssh/sshd_config, but there were no such entries, meaning all local users should be allowed. I also tested if I could locally switch to the nagios user and simulate a login, which was working fine. So there are no permission problems on the home directory either.
Eventualy I came across a blog entry on andyhan.net. It seems that he had a similar issue a while ago and he pointed me to the correct file: /etc/security/access.conf.
I compared this file with other CentOS servers to which nagios was able to connect to and indeed, there was the following line missing:
+ : nagios : nagiosserver
As soon as I added this line, therefore allowing the nagios user from nagiosserver, the nagios user was able to connect via ssh again.
Maxy from wrote on Jun 29th, 2016:
Thanks mate, this helped me to fix my issue.
Timo from wrote on Apr 6th, 2016:
Thanks, this was EXACTLY my issue with a Ubuntu 14.04 VM.
adastra from wrote on Feb 25th, 2016:
Thanks for this, it saved me some time!
Personal Internet VMware PHP Linux Shell Bluecoat Proxy Windows Hardware Virtualization Nagios MySQL DB Monitoring Mail Android Network Wyse Hacks Tomcat Postgres Apple Mac Backup BSD ZFS Solaris SmartOS Unix Multimedia Perl Database MongoDB CMS OTRS FreeBSD Wordpress LXC Nginx Proxmox DNS Graphics GlusterFS Security Chef HAProxy Icinga Ansible HTML MariaDB Containers Rancher Docker AWS ELK Kibana Logstash Filebeat Varnish PGSQL PostgreSQL ElasticSearch CouchDB Bash Macintosh Container Minio Grafana InfluxDB Databases NFS OSSEC SystemD Java Zoneminder Surveillance Elasticsearch SSL TLS Icingaweb2 Cloud Wireless Kubernetes Ubuntu