Score:0

SSH refuses to allow specific user to login directly via ssh

I have a specific user (Let's call them user throughout this post) on a host that displays the following errors when trying to ssh via public key auth:

PTY allocation request failed on channel 0
Direct login access is disallowed

I can mitigate the first error by using ssh user@host "/bin/bash -i", but I am unable to get past the second error.

Things I have tried:

  • I can sudo -s (or sudo -i) to the user as root on the host directly.
  • The user is locked down (passwd -l user), I unlocked and assigned a password to the user. Same problem. However I can su - user as any other user after the account is unlocked and a password is applied.
  • I checked /etc/ssh/sshd_config on the server, no entries for AllowUsers, AllowGroups, DenyUsers, DenyGroups.
  • I am able to ssh directly as root no problem.
  • I created a new user, and am able to ssh directly to them as well.
  • Confirmed ssh key selection and authorized_keys are set properly, however I don't think this is a key issue.
  • /etc/passwd shows the user has /bin/bash set for their shell.
  • /etc/security/access.conf is completely commented out with no settings set.
  • Restarted sshd many times.
  • There is no /etc/login.blocks file.
  • /var/log/secure, /var/log/messages, nor journalctl -fu sshd only show Session open then Session closed for user user
  • ssh user@host -vvvvvvv just shows the Direct login access is disallowed
  • Rebooted the host.

Note: this is a RHEL system that does not have its subscriptions enabled yet.

What gives? Why can I not access this

Score:0

Figured it out. It was a script that someone wrote that was restricting access to the host. The script was being run after anyone connected to the user via ssh.

This was implemented in user's ~/.ssh/authorized_keys.

Here is the line that was showing in the file:

command="/home/user/script/that/was/causing/problems.sh", ssh-rsa ABC123hugepubliccipher==

After removing the command= section, users were then able to ssh in again.
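
A check for the cause found in this answer, as an added example that is not part of the original post: a Python parser for authorized_keys text that reports every key carrying a command=, no-pty or restrict option. It goes beyond the single command= line shown above by handling several options and quoted values; the function names and the two extra sample entries are constructed for illustration.

```python
import re

# Key types that open the key field (sshd(8), AUTHORIZED_KEYS FILE FORMAT).
KEY_TYPE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp\d+|sk-[a-z0-9-]+@openssh\.com)$")
RESTRICTING = {"command", "no-pty", "restrict"}  # options that limit a login

def scan(text, stops):
    """Split text at characters in `stops` that are outside double quotes."""
    parts, cur, quoted = [], "", False
    for tok in re.findall(r'\\"|.', text):  # an escaped quote counts as one unit
        if tok == '"':
            quoted = not quoted
        if tok in stops and not quoted:
            parts, cur = parts + [cur], ""
        else:
            cur += tok
    return [p for p in parts + [cur] if p]

def parse_line(line):
    """Return (options, key_type) for a key line, None for blanks and comments."""
    fields = scan(line.strip(), " \t")
    if not fields or fields[0].startswith("#"):
        return None
    if KEY_TYPE.match(fields[0]):  # line starts with the key: no options field
        return {}, fields[0]
    options = {}
    for opt in scan(fields[0], ","):
        name, _, value = opt.partition("=")
        options[name.lower()] = value[1:-1] if value[:1] == '"' else value
    return options, (fields[1] if len(fields) > 1 else "")

def audit(text):
    """Return (line_number, key_type, restricting_options) per restricted key."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        options, key_type = parse_line(line) or ({}, "")
        hits = {k: v for k, v in options.items() if k in RESTRICTING}
        if hits:
            findings.append((number, key_type, hits))
    return findings

# Constructed sample: the line from the answer above plus two made-up entries.
SAMPLE = '''# managed keys
command="/home/user/script/that/was/causing/problems.sh", ssh-rsa ABC123hugepubliccipher==
ssh-ed25519 AAAAconstructedkey alice@example
no-pty,command="echo \\"hi, there\\"" ssh-rsa AAAAconstructedkey2 bob@example
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Pass the text of each account's ~/.ssh/authorized_keys to audit(); if sshd_config sets AuthorizedKeysFile, check the files it names as well.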
