The Geek Diary

Passwordless SSH not working for local users on LDAP servers – CentOS/RHEL 7

by admin

The Problem

On a CentOS/RHEL 7 server, passwordless SSH for local users is not working. The server uses LDAP, and access for all LDAP users works fine. If we add the local user to /etc/security/access.conf, the connection succeeds. However, adding the username to the /etc/security/access.conf file may not be an acceptable workaround, depending on a customer's internal security policies.

Root Cause

This issue occurs because no access privileges are set for local users on a system that uses LDAP as its primary authentication method. The following errors appear in the secure log file:

Jul 31 04:05:43 hcusalpbidmbi1s sshd[25861]: pam_access(sshd:account): access denied for user `infbiftp' from `dm-bii-dev-01.am.health.ge.com'
Jul 31 04:05:43 hcusalpbidmbi1s sshd[25861]: pam_sss(sshd:account): Access denied for user infbiftp: 10 (User not known to the underlying authentication module)
Jul 31 04:05:43 hcusalpbidmbi1s sshd[25861]: fatal: Access denied for user infbiftp by PAM account configuration [preauth]

The Solution

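1. Edit the /etc/ssh/sshd_config file and add the following line:

# vi /etc/ssh/sshd_config
AllowUsers username

Replace username with the correct username, then save the file. Once AllowUsers is set, sshd accepts logins only from the users it lists, so any other accounts that need SSH access must be listed as well.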

2. Edit the /etc/pam.d/sshd file and add the following line:

# vi /etc/pam.d/sshd
account sufficient pam_localuser.so

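Place the line above the account entries that call pam_access or pam_sss: PAM evaluates the stack in order, and a sufficient success for a local account ends the account checks before those modules run. Save the file.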

3. Restart the sshd service as well as the sssd service.

# systemctl restart sshd
# systemctl restart sssd
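
To confirm the diagnosis and the fix, the following added example (not part of the original article) lists local accounts that sshd rejected at the PAM account stage and checks that the pam_localuser line sits early enough in the account stack. The function names, file paths and sample data are constructed for illustration; treating an include or substack line as a point where pam_access/pam_sss may run is an assumption.

```shell
#!/bin/bash
# Added example, not from the original article. All sample data is constructed.

# Print accounts that sshd rejected at the PAM account stage (per log file $1)
# and that are local, i.e. have an entry in passwd file $2.
local_users_denied_by_pam() {
    sed -n 's/.*sshd\[[0-9]*\]: fatal: Access denied for user \([^ ]*\) by PAM account configuration.*/\1/p' "$1" |
    sort -u |
    while read -r user; do
        # Exact match on the first passwd field: the account is local, not LDAP.
        if awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$2"; then
            echo "$user"
        fi
    done
}

# Succeed only if "account sufficient pam_localuser.so" comes before the first
# account line that calls pam_access/pam_sss or pulls in another stack
# (assumption: an included stack may contain those modules).
pam_localuser_precedes_checks() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 != "account" { next }
        $2 == "sufficient" && $3 == "pam_localuser.so" { found = 1; exit }
        $3 ~ /pam_(access|sss)\.so/ || $2 == "include" || $2 == "substack" { exit }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files: one local user denied, one LDAP-only user denied.
write_samples() {
    cat > "$1/secure" <<'EOF'
Jul 31 04:05:43 host1 sshd[2001]: pam_access(sshd:account): access denied for user `appsvc' from `client.example.com'
Jul 31 04:05:43 host1 sshd[2001]: fatal: Access denied for user appsvc by PAM account configuration [preauth]
Jul 31 04:09:10 host1 sshd[2044]: fatal: Access denied for user ldapuser by PAM account configuration [preauth]
EOF
    printf 'root:x:0:0:root:/root:/bin/bash\nappsvc:x:1001:1001::/home/appsvc:/bin/bash\n' > "$1/passwd"
    printf 'account    required     pam_access.so\naccount    sufficient   pam_localuser.so\n' > "$1/sshd.bad"
    printf 'account    sufficient   pam_localuser.so\naccount    required     pam_access.so\n' > "$1/sshd.good"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "local users denied: $(local_users_denied_by_pam "$tmp/secure" "$tmp/passwd")"
for f in sshd.bad sshd.good; do
    if pam_localuser_precedes_checks "$tmp/$f"; then echo "$f: ok"; else echo "$f: pam_localuser too late or missing"; fi
done
rm -rf "$tmp"
```

On a real host, pass /var/log/secure, /etc/passwd and /etc/pam.d/sshd to the two functions instead of the sample files.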

Filed Under: CentOS/RHEL 7, Linux, OEL 7

© 2023 · The Geek Diary
