Any idea how this occurred? This is the first time i've had this particular problem. All of my other systems before these two had no problems at all.
Im just curious, from looking at the logs on the two servers having problems, why it is having problems with authentication. Kinda baffles me.
I'd like to track down the cause of this and make sure it does not occur again and if it does, then I know how to fix it.
Anyone know possibly why this happened?
Thanks. Jason
At 01:01 PM 8/19/2003 -0400, you wrote:
On Tue, 19 Aug 2003 09:52:15 -0700 Jason Williams <[EMAIL PROTECTED]> wrote:
> Morning everyone.
>
> Ok...i've had this problem for about 2 weeks now and it is really driving
> me crazy.
> What is happening is that I am opening a SSH connection to my RH server
> running RH 9.0.
> Once I type in my username, it takes about 3-5 seconds for the password
> prompt to show up...
> This is really frustrating, so what i did was log in and start tailing the
> message log. Here is what I found:
>
> Aug 19 09:43:44 corpmail sshd(pam_unix)[1702]: authentication failure;
> logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=jwilliams user=jwilliams
>
> Bingo! Something is wrong.
>
> I have a total of 3 RH 9.0 servers on the network, two of them which are
> having this long log in thing, while one is great. I compared all three of
> them and this is what I found:
>
> #1
> Aug 19 09:43:44 corpmail sshd(pam_unix)[1702]: authentication failure;
> logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=jwilliams user=j
>
> #2
> Aug 19 10:51:05 rack5 sshd(pam_unix)[18731]: authentication failure;
> logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.1.90 user=jwilliams
>
> #3 (the one that works)
> Aug 19 09:49:46 ubergeek sshd(pam_unix)[25622]: session opened for user
> jwilliams by (uid=500)
>
> Just from looking at this, it appears that for servers #1 and #2, there is
> a problem with the uid, but #3 has no problem with that.
>
> Anyone have any idea on why this is happening, what caused this and how to
> fix this?
>
> I appreciate it.
>
> Jason
>
Hi Jason,
You must have missed this discussion just in the past week or so. You can add the "nodelay" option to the following line in the /etc/pam.d/system-auth file like so:
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok nodelay
While this isn't _the best solution_ it does work and doesn't require any recompilation. However, be aware that any attacker trying to log in will have one less problem probing your system.
Regards, Sean
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
