The Geek Diary


Passwordless SSH not working for local users on LDAP servers – CentOS/RHEL 7

By admin

The Problem

On a CentOS/RHEL 7 server, passwordless SSH for local users does not work. The server uses LDAP, and all LDAP user logins work fine. If the local user is added to /etc/security/access.conf, the connection succeeds. However, adding the username to /etc/security/access.conf may not be an acceptable workaround, depending on the customer's internal security policies.

Root Cause

This issue occurs because no privileges are set for local users on a system that uses LDAP as its primary authentication method. The following errors appear in the secure log file:

Jul 31 04:05:43 hcusalpbidmbi1s sshd[25861]: pam_access(sshd:account): access denied for user `infbiftp' from `dm-bii-dev-01.am.health.ge.com'
Jul 31 04:05:43 hcusalpbidmbi1s sshd[25861]: pam_sss(sshd:account): Access denied for user infbiftp: 10 (User not known to the underlying authentication module) >>>>
Jul 31 04:05:43 hcusalpbidmbi1s sshd[25861]: fatal: Access denied for user infbiftp by PAM account configuration [preauth] >>>>

The Solution

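1. Edit the /etc/ssh/sshd_config file and add the following line:

# vi /etc/ssh/sshd_config
AllowUsers username

Replace username with the correct username, then save the file. Once AllowUsers is set, sshd accepts logins only from the users it lists, so any other accounts that need SSH access must be listed as well.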

2. Edit the /etc/pam.d/sshd file and add the following line:

# vi /etc/pam.d/sshd
account sufficient pam_localuser.so

Save the file.

3. Restart the sshd service as well as the sssd service.

# systemctl restart sshd
# systemctl restart sssd
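
The article does not say where in /etc/pam.d/sshd the pam_localuser.so line goes, and PAM evaluates account lines in order, so the line only helps if it comes before the modules that deny the local user. The following check is an added example, not part of the original article; the function name check_pam_order and the two sample stacks are constructed for illustration, and bracketed control values such as [success=1 default=ignore] are not handled.

```shell
#!/bin/sh
# Added example, not from the original article.
# check_pam_order FILE prints one of:
#   ok      - "account sufficient pam_localuser.so" precedes the denying modules
#   late    - the line exists but pam_access/pam_sss (or an include) runs first
#   missing - the line is not in the account stack at all
# Exit status is 0 only for "ok".
check_pam_order() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        { t = $1; sub(/^-/, "", t) }             # "-account" is still account
        t != "account" { next }
        # First account line that can reject a user unknown to LDAP, or that
        # pulls in another stack which may contain such a module.
        !blocker && ($3 ~ /pam_(access|sss)\.so$/ || $2 ~ /^(include|substack)$/) {
            blocker = NR
        }
        !loc && $2 == "sufficient" && $3 ~ /pam_localuser\.so$/ { loc = NR }
        END {
            if (!loc)                     { print "missing"; exit 1 }
            if (blocker && blocker < loc) { print "late"; exit 1 }
            print "ok"
        }
    ' "$1"
}

# Constructed sample stacks (assumed layout, not copied from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/broken" <<'EOF'
auth       substack     password-auth
account    required     pam_access.so
account    required     pam_nologin.so
account    include      password-auth
account    sufficient   pam_localuser.so
EOF

cat > "$tmp/fixed" <<'EOF'
auth       substack     password-auth
account    sufficient   pam_localuser.so
account    required     pam_access.so
account    required     pam_nologin.so
account    include      password-auth
EOF

for f in broken fixed; do
    echo "$f: $(check_pam_order "$tmp/$f")"
done
```

Because sufficient ends the account stack on success, every account that pam_localuser.so finds in /etc/passwd skips the later pam_access and pam_sss account checks.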

Filed Under: CentOS/RHEL 7, Linux, OEL 7

© 2021 · The Geek Diary