
I tried to enable password authentication in CentOS 7 for only one user, auditor, by having these lines in my sshd.config (at the end of the file):

PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
Match User auditor
        PasswordAuthentication yes

I also tried another version of it, like this, but it also failed (at the end of the file):

PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
Match User auditor
        PasswordAuthentication yes
        PubkeyAuthentication no 

So the idea is that only auditor can use password-based authentication, while other users should use SSH keys. However, right now, when I try to use the right password for the auditor user, it fails. Here is the output of ssh -v [email protected]:

debug1: Reading configuration data /Users/x/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 1.1.1.1 [1.1.1.1] port 22.
debug1: Connection established.
debug1: identity file /Users/x/.ssh/id_rsa type 0
debug1: identity file /Users/x/.ssh/id_rsa-cert type -1
debug1: identity file /Users/x/.ssh/id_ecdsa type -1
debug1: identity file /Users/x/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/x/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/x/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/x/.ssh/id_ed25519 type 3
debug1: identity file /Users/x/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/x/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/x/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/x/.ssh/id_xmss type -1
debug1: identity file /Users/x/.ssh/id_xmss-cert type -1
debug1: identity file /Users/x/.ssh/id_dsa type -1
debug1: identity file /Users/x/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: compat_banner: match: OpenSSH_7.4 pat OpenSSH_7.4* compat 0x04000006
debug1: Authenticating 1.1.1.1:22 as 'auditor'
debug1: load_hostkeys: fopen /Users/ruslanpilipyuk/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:yG9ihB1FM0daFQhndj5va3zcGLEYA73dVOI5HWew5sU
debug1: load_hostkeys: fopen /Users/ruslanpilipyuk/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '213.136.90.91' is known and matches the ED25519 host key.
debug1: Found key in /Users/x/.ssh/known_hosts:226
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /Users/x/.ssh/id_rsa RSA SHA256:rgab6HygmfnCFqgmLoLwPGf4jkOksDL0rXeGMFokpaY
debug1: Will attempt key: /Users/x/.ssh/id_ecdsa
debug1: Will attempt key: /Users/x/.ssh/id_ecdsa_sk
debug1: Will attempt key: /Users/x/.ssh/id_ed25519 ED25519 SHA256:WS9usNno93BV5vw0GnAMMxZhB/USG4rnTE7WnkUV1SY
debug1: Will attempt key: /Users/ruslanpilipyuk/.ssh/id_ed25519_sk
debug1: Will attempt key: /Users/x/.ssh/id_xmss
debug1: Will attempt key: /Users/x/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/x/.ssh/id_rsa RSA SHA256:rgab6HygmfnCFqgmLoLwPGf4jkOksDL0rXeGMFokpaY
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/x/.ssh/id_ecdsa
debug1: Trying private key: /Users/ruslanpilipyuk/.ssh/id_ecdsa_sk
debug1: Offering public key: /Users/ruslanpilipyuk/.ssh/id_ed25519 ED25519 SHA256:WS9usNno93BV5vw0GnAMMxZhB/USG4rnTE7WnkUV1SY
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/ruslanpilipyuk/.ssh/id_ed25519_sk
debug1: Trying private key: /Users/x/.ssh/id_xmss
debug1: Trying private key: /Users/x/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
Permission denied, please try again.
  • I'm unable to recreate your issue in CentOS 7.5. If you could post the full sshd_config file it would be helpful.
    – kenlukas
    Jan 27 at 20:31
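
An added example, not part of the original question or comment: a simplified Python model of how sshd_config resolves a keyword for one user when a `Match User` block follows the global section, run over the question's second variant. The leading global `PasswordAuthentication no` line is an assumption (the posted excerpt does not show one), the function names are hypothetical, and only single-criterion `Match User` and `Match all` blocks are handled.

```python
from fnmatch import fnmatchcase

# Constructed sample: the question's second variant, preceded by an ASSUMED
# global "PasswordAuthentication no" that the posted excerpt does not contain.
SAMPLE_CONFIG = """\
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
Match User auditor
        PasswordAuthentication yes
        PubkeyAuthentication no
"""

def user_matches(pattern_list, user):
    """Comma-separated pattern list: wildcards allowed, a leading '!' negates."""
    matched = False
    for pat in pattern_list.split(","):
        pat = pat.strip()
        negated = pat.startswith("!")
        if fnmatchcase(user, pat[1:] if negated else pat):
            if negated:
                return False  # a negated hit rejects the whole list
            matched = True
    return matched

def effective_settings(config_text, user):
    """Resolve keywords for `user` (simplified: 'Match User' / 'Match all' only)."""
    global_opts, match_opts = {}, {}
    in_match, applies = False, False
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split(None, 1)
            kind = crit[0].lower() if crit else ""
            in_match = True
            applies = kind == "all" or (
                kind == "user" and len(crit) > 1 and user_matches(crit[1], user))
        elif not in_match:
            global_opts.setdefault(keyword, value)  # global: first value wins
        elif applies:
            match_opts.setdefault(keyword, value)   # first matching block wins
    return {**global_opts, **match_opts}            # Match overrides global
```

Without the assumed first line, the model returns no `passwordauthentication` value for users other than auditor, so they would fall back to whatever the rest of the file or sshd's default sets. On the server, sshd's extended test mode (`sshd -T` with a `-C` connection specification naming the user) prints the values sshd itself resolves.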
