Cannot SSH with shell user

Discussion in 'Installation/Configuration' started by bigmac1, May 23, 2011.

  1. bigmac1

    bigmac1 New Member

    I am a new ISPConfig user. I just created my first site. I then created a shell user. However, I cannot log in through SSH.

    I have been trying to resolve this issue and searching for hours. The shell user shows up in /etc/passwd, but not in sshusers.

    How can I resolve this?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the exact error message from the auth log file. Also make sure that you used the correct username to log in (incl. the username prefix) as it is displayed in the ssh user list.
     
  3. bigmac1

    bigmac1 New Member

    from /var/log/auth.log:

    Code:
    May 23 23:52:21 li74-222 sshd[27633]: User [USERNAME] from [HOST] not allowed because none of user's groups are listed in AllowGroups
    May 23 23:52:21 li74-222 sshd[27633]: Failed none for invalid user [USERNAME] from [IP] port 49679 ssh2
    May 23 23:52:29 li74-222 sshd[27633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=[HOST]  user=[USERNAME]
    May 23 23:52:31 li74-222 sshd[27633]: Failed password for invalid user [USERNAME] from [IP] port 49679 ssh2
    
    (I manually inserted [USERNAME] [HOST] [IP])

    So then I checked /etc/ssh/sshd_config to see which groups are in AllowGroups. As expected, it is sshusers. So the error makes sense because the user created by ISPConfig is not in sshusers. My original question remains. How come it isn't?
     
    Last edited: May 24, 2011
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig does not use a group named sshusers. Please reconfigure your ssh and remove that group limit.
     
  5. bigmac1

    bigmac1 New Member

    3 follow-up questions:

    1) I didn't create that group. Shouldn't ISPConfig be taking care of all that stuff? Or at least mention it during installation or somewhere in the 300-page manual?

    2) There is already a user web1 in sshusers. I think ISPConfig created that user. If so, doesn't that mean that ISPConfig is aware of sshusers group and should be adding other users to it?

    3) If I remove that group limit, wouldn't that make the system less secure? If I have to modify system settings outside of ISPConfig, wouldn't it make more sense to just add that user to sshusers?

    It just doesn't make sense to me why I would have to modify system settings in order to make ISPConfig perform basic functions.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    As I mentioned above, ispconfig has no support for group limits in SSH and ispconfig has not configured such a limit in your sshd_config file. Also such a limit is not the default in any of the supported Linux distributions, so either you configured that limit or the person who installed the server or the hosting provider where you rented that server has altered the configuration in that way. The manual mentions only features of ispconfig and not something that is not supported of course. All ispconfig system users that are not allowed to log in by ssh have logins globally disabled, so only users that you add in ispconfig as ssh users can log in with ssh.
     
  7. bigmac1

    bigmac1 New Member

    I understand what you are saying, but if ISPConfig has no support for group limits, why is user web1 part of sshusers?

    How do I know web1 was created by ISPConfig, you may ask. Looking at /etc/passwd, it was created after user ispconfig and before the shell user I created in ISPConfig. Also, the home directory is /var/www/clients/client1/web1/./home/web1 which was created by ISPConfig.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Either you added no ssh user for the other website yet (as a web1 user is not a ssh user, it's just the owner of the website), ssh users are alias users with the same id of the website owner or you use jailkit only for some websites.
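
Added example (not part of the thread and not ISPConfig code): a Python sketch of the group check behind the "none of user's groups are listed in AllowGroups" line in the auth log posted above. The config excerpt and the group names `client1`, `admin*` and `staff` are constructed for illustration, and only the global section is read (Match blocks and Include files are not evaluated).

```python
import re

# Constructed excerpt of an sshd_config with a group limit like the one in the thread.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
allowgroups sshusers admin*
Match Address 10.0.0.0/8
    AllowGroups staff
"""

def parse_group_lists(config_text):
    """Collect AllowGroups/DenyGroups patterns from the global section."""
    lists = {"allowgroups": [], "denygroups": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()          # sshd_config keywords are case-insensitive
        if keyword == "match":
            break                          # simplification: stop at the first Match block
        if keyword in lists:
            lists[keyword].extend(args)    # assumption: repeated keywords are merged
    return lists

def _matches(name, pattern):
    # sshd patterns: '*' matches any run of characters, '?' exactly one character
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, name) is not None

def check_group_access(config_text, user_groups):
    """Return (allowed, reason); user_groups = primary plus supplementary groups."""
    lists = parse_group_lists(config_text)
    for g in user_groups:
        if any(_matches(g, p) for p in lists["denygroups"]):
            return False, f"group {g!r} is listed in DenyGroups"
    allow = lists["allowgroups"]
    if allow and not any(_matches(g, p) for g in user_groups for p in allow):
        return False, "none of user's groups are listed in AllowGroups"
    return True, "no group restriction blocks this user"

if __name__ == "__main__":
    # Constructed case: a shell user whose only group is 'client1'.
    print(check_group_access(SAMPLE_SSHD_CONFIG, ["client1"]))
```

On a live host the two inputs come from `sshd -T` (the effective configuration) and `id -Gn <user>` (the account's groups).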
     
