Date: Thu, 20 Oct 2005 11:24:07 +0100 From: Alex Zbyslaw <xfb52@dial.pipex.com> To: Olaf Greve <o.greve@axis.nl> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: Weird SSH problem... Any ideas?!? Message-ID: <43577047.8090706@dial.pipex.com> In-Reply-To: <435767E5.7020002@axis.nl> References: <435767E5.7020002@axis.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Olaf Greve wrote: > Hi, > > Yesterday it has been brought to my attention that SSH access is not > working well on my new server. > > The background: I have set-up a new server (FreeBSD 5.4-Release > AMD/64) and I migrated the user accounts from my old server (FreeBSD > 5.2.1-Release i386). > > Now, I was under the assumption everything was working fine, as I > myself have no issues in SSH-ing as unprivileged user to the machine > (note: my unprivileged account is featured in the wheel group, which > may be of importance!). > > However, when a regular user who resides in a regular group tries to > SSH to the machine, after entering the correct password the connection > is immediately dropped, and the following error (note: the below lines > contain dummy names and IP addresses) is shown in /var/log/auth.log: > > Oct 20 11:39:40 milx sshd[48147]: Accepted keyboard-interactive/pam > for abcdef from 123.45.67.89 port 35335 ssh2 > Oct 20 11:39:40 milx sshd[48150]: fatal: login_get_lastlog: Cannot > find account for uid 1234 > > I have done some Googling on it, and there are quite a few hits when > searching for this particular error message. The errors seem to be > happening on all sorts of Unixes, yet as my machines are FreeBSD ones, > I'm asking here. > > I have unfortunately not been able to find a solution using Google, > but I did find some pointers as to the cause. They are: > -This seems to happen when SSH cannot retrieve the last login date and > time for a user. Can this somehow implicitly or explicitly be flushed? > -This does not happen when "su -" ing to the user's account from the > box itself. > -This may not happen to users that are allowed to become root (i.e. > are in the wheel group). If it *is* related to getting last login time then maybe the permissions on /var/log/wtmp are wrong? Mine are 352 -rw-r--r-- 1 root wheel - 329428 Oct 20 10:54 /var/log/wtmp but if other did not have read permission it would fit with the assumptions and symptoms you mention. Group wheel is only about su-ing on BSD, though it is often used to give read/write permissions on files to those privileged users. --Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43577047.8090706>