Hi all - Here is an odd one.

I have a group of userIDs that log in via SSH keys (stored in .ssh/authorized_keys and NOT in IPA) to a system enrolled in IPA of course. Actually all the systems are enrolled in IPA, so that should be a given.

Environment - RHEL 7.4 or 7.5 with current IPA on all.  Even tried adding the SSH pubkey to IPA to see if there was any difference, but still just as random. 2 IPA servers in the environment -- checked and double-checked for SYNC - although with the key in the local file, I would think sync would not be an issue, but just figured I would mention.

Now for the explanation - most of the time, logins work just fine - but randomly, they fail with errors as shown - and I just enabled debug_level = 7, so hopefully will have more info, but just wondering if anyone has any ideas where to start looking that might cause the randomness. The odd part - I have never been able to repeat this with my own account, and never seen a failure personally, only relying on logs. In some cases, it is only a few seconds later that the operation fails, and then 15-20 seconds later, it works again:

May 30 20:55:21 grover1-prod sshd[73862]: Accepted publickey for blahblahusername from 10.1.5.253 port 45650 ssh2: RSA SHA256:8D1E+mNqphs3bNxH28JYYpkzM9MeWcr7v8
May 30 20:55:21 grover1-prod sshd[73862]: pam_unix(sshd:session): session opened for user blahblahusername by (uid=0)
May 30 20:55:21 grover1-prod sshd[73862]: pam_unix(sshd:session): session closed for user blahblahusername
May 30 21:00:06 grover1-prod sshd[87570]: pam_sss(sshd:account): Access denied for user blahblahusername: 4 (System error)
May 30 21:00:06 grover1-prod sshd[87570]: fatal: Access denied for user blahblahusername by PAM account configuration [preauth]
May 30 23:21:10 grover1-prod sshd[1083]: Accepted publickey for blahblahusername from 10.1.5.253 port 40802 ssh2: RSA SHA256:8D1E+mNqphs3bNxH28JYYpkzM9MeWcr7v8
May 30 23:21:10 grover1-prod sshd[1083]: pam_unix(sshd:session): session opened for user blahblahusername by (uid=0)
May 30 23:21:10 grover1-prod sshd[1083]: pam_unix(sshd:session): session closed for user blahblahusername
May 30 23:21:10 grover1-prod sshd[1137]: Accepted publickey for blahblahusername from 10.1.5.253 port 40804 ssh2: RSA SHA256:8D1E+mNqphs3bNxH28JYYpkzM9MeWcr7v8
May 30 23:21:10 grover1-prod sshd[1137]: pam_unix(sshd:session): session opened for user blahblahusername by (uid=0)
May 30 23:21:10 grover1-prod sshd[1137]: pam_unix(sshd:session): session closed for user blahblahusername
May 31 02:00:06 grover1-prod sshd[3982]: pam_sss(sshd:account): Access denied for user blahblahusername: 4 (System error)
May 31 02:00:06 grover1-prod sshd[3982]: fatal: Access denied for user blahblahusername by PAM account configuration [preauth]
May 31 02:56:46 grover1-prod sshd[89318]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=bastionp1.example.com user=blahblahusername
May 31 02:56:47 grover1-prod sshd[89315]: Accepted keyboard-interactive/pam for blahblahusername from 10.1.3.18 port 42302 ssh2
May 31 02:56:47 grover1-prod sshd[89315]: pam_unix(sshd:session): session opened for user blahblahusername by (uid=0)
May 31 03:21:35 grover1-prod sshd[89315]: pam_unix(sshd:session): session closed for user blahblahusername
May 31 03:24:53 grover1-prod sshd[50179]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=bastionp1.example.com user=blahblahusername
May 31 03:45:42 grover1-prod sshd[6121]: Accepted keyboard-interactive/pam for blahblahusername from 10.1.3.18 port 42422 ssh2
May 31 03:45:42 grover1-prod sshd[6121]: pam_unix(sshd:session): session opened for user blahblahusername by (uid=0)
May 31 03:53:54 grover1-prod sshd[25509]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=bastionp1.example.com user=blahblahusername
May 31 03:53:55 grover1-prod sshd[25506]: Accepted keyboard-interactive/pam for blahblahusername from 10.1.3.18 port 42474 ssh2
May 31 03:53:55 grover1-prod sshd[25506]: pam_unix(sshd:session): session opened for user blahblahusername by (uid=0)
May 31 05:58:04 grover1-prod sshd[6121]: pam_unix(sshd:session): session closed for user blahblahusername
May 31 06:55:24 grover1-prod sshd[25506]: pam_unix(sshd:session): session closed for user blahblahusername
May 31 06:55:24 grover1-prod sshd[50177]: pam_unix(sshd:session): session closed for user blahblahusername

Any ideas where I might start looking?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/4RJG6PZHHX262JZKR53YWKYOXRCN67RJ/
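
A triage sketch for the log excerpt above, added here as an example and not part of the original post: it pairs each pam_sss account-phase denial with the nearest successful login for the same user and counts denials by minute:second within the hour, so clock-aligned failures stand out. The function name `triage`, the placeholder year and the embedded sample (lines copied from the post) are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: six of the sshd lines quoted in the post, embedded so this runs offline.
SAMPLE_LOG = """\
May 30 20:55:21 grover1-prod sshd[73862]: Accepted publickey for blahblahusername from 10.1.5.253 port 45650 ssh2: RSA SHA256:8D1E+mNqphs3bNxH28JYYpkzM9MeWcr7v8
May 30 21:00:06 grover1-prod sshd[87570]: pam_sss(sshd:account): Access denied for user blahblahusername: 4 (System error)
May 30 21:00:06 grover1-prod sshd[87570]: fatal: Access denied for user blahblahusername by PAM account configuration [preauth]
May 30 23:21:10 grover1-prod sshd[1083]: Accepted publickey for blahblahusername from 10.1.5.253 port 40802 ssh2: RSA SHA256:8D1E+mNqphs3bNxH28JYYpkzM9MeWcr7v8
May 31 02:00:06 grover1-prod sshd[3982]: pam_sss(sshd:account): Access denied for user blahblahusername: 4 (System error)
May 31 02:56:47 grover1-prod sshd[89315]: Accepted keyboard-interactive/pam for blahblahusername from 10.1.3.18 port 42302 ssh2
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*)$")
DENIED = re.compile(r"pam_sss\(sshd:account\): Access denied for user (\S+): (\d+) \((.*)\)")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+)")

def triage(log, year=2000):
    """Return (denials, by_offset). Syslog lines carry no year; 2000 is a placeholder."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if (d := DENIED.search(m.group(2))):
            events.append((when, "deny", d.group(1), f"{d.group(2)} ({d.group(3)})"))
        elif (a := ACCEPTED.match(m.group(2))):
            events.append((when, "accept", a.group(2), f"{a.group(1)} from {a.group(3)}"))
    denials = []
    for when, kind, user, detail in events:
        if kind != "deny":
            continue
        ok = [w for w, k, u, _ in events if k == "accept" and u == user]
        before = max((w for w in ok if w <= when), default=None)
        after = min((w for w in ok if w > when), default=None)
        denials.append({"time": when, "user": user, "pam_error": detail,
                        "since_last_ok": when - before if before else None,
                        "until_next_ok": after - when if after else None})
    # Same minute:second offset on different hours points at something scheduled.
    by_offset = Counter(d["time"].strftime("%M:%S") for d in denials)
    return denials, by_offset

if __name__ == "__main__":
    denials, by_offset = triage(SAMPLE_LOG)
    for d in denials:
        print(d["time"], d["user"], d["pam_error"], d["since_last_ok"], d["until_next_ok"])
    print("denials by minute:second of the hour:", dict(by_offset))
```

On a real host, feed it the contents of /var/log/secure and compare the reported offsets with the SSSD debug logs for the same timestamps.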
