Unable to su or ssh as anyone but root on CentOS 7

I seem to be unable to ssh or su as a local user on my CentOS 7 machine as of today.

$ adduser ndejay
$ passwd ndejay
Changing password for user ndejay.
New password:
Retype new password:

$ su ndejay
su: failed to execute /bin/bash: Permission denied

$ ssh ndejay@localhost
ndejay@localhost's password:
Could not chdir to home directory /home/ndejay: Permission denied
/bin/bash: Permission denied
Connection to localhost closed.

I confirmed that permissions are set properly and that SELinux is disabled.

$ ls -ld /home /home/ndejay
drwxr-xr-t. 10 root   root   4096 Feb 27 18:13 /home
drwx------   2 ndejay ndejay   85 Feb 27 18:13 /home/ndejay

$ ls -ld /bin /usr/bin /usr/bin/bash
lrwxrwxrwx. 1 root root      7 Oct  1  2015 /bin -> usr/bin
dr-xr-xr-x. 2 root root  36864 Jan  9 17:51 /usr/bin
-rwxr-xr-x. 1 root root 960384 Mar  5  2015 /usr/bin/bash

$ getenforce
Disabled

$ tail /var/log/secure
Feb 27 18:13:28 fs01 su: pam_unix(su:session): session opened for user ndejay by (uid=0)
Feb 27 18:13:28 fs01 su: pam_sss(su:session): Request to sssd failed. Connection refused

I tried to disable sssd, but it doesn't help:

$ authconfig --savebackup /root/230227-authconfig
$ authconfig --disablesssd --disablesssdauth --update

$ tail /var/log/secure
Feb 27 18:35:24 fs01 su: pam_unix(su:session): session opened for user ndejay by (uid=0)
Feb 27 18:35:24 fs01 su: pam_unix(su:session): session closed for user ndejay

Feb 27 18:40:25 fs01 sssd[14272]: Accepted password for ndejay from 172.21.13.11 port 53132 ssh2
Feb 27 18:40:25 fs01 sshd[14272]: pam_unix(sshd:session): session opened for user ndejay by (uid=0)
Feb 27 18:40:25 fs01 sshd[14344]: Received disconnect from 172.21.13.11: 11: disconnected by user
Feb 27 18:40:25 fs01 sshd[14272]: pam_unix(sshd:session): session closed for user ndejay

Any help would be greatly appreciated. Thanks! Nic

EDIT 1 after @Andrew Henle's suggestion to look into disk usage

$ df -h
Filesystem                                           Size  Used Avail Use% Mounted on
/dev/mapper/centos-root                              222G  100G  123G  45% /
devtmpfs                                             7.8G     0  7.8G   0% /dev
tmpfs                                                7.8G     0  7.8G   0% /dev/shm
tmpfs                                                7.8G   41M  7.7G   1% /run
tmpfs                                                7.8G     0  7.8G   0% /sys/fs/cgroup
/dev/sdb1                                            4.7G  174M  4.5G   4% /boot
/dev/mapper/centos-home                               47G  122M   47G   1% /home
tmpfs                                                1.6G     0  1.6G   0% /run/user/0
tmpfs                                                1.6G     0  1.6G   0% /run/user/12002
$ df -i
Filesystem                                              Inodes    IUsed      IFree IUse% Mounted on
/dev/mapper/centos-root                              232411136  2806233  229604903    2% /
devtmpfs                                               2026378      497    2025881    1% /dev
tmpfs                                                  2028949        1    2028948    1% /dev/shm
tmpfs                                                  2028949      711    2028238    1% /run
tmpfs                                                  2028949       13    2028936    1% /sys/fs/cgroup
/dev/sdb1                                              4882432      337    4882095    1% /boot
/dev/mapper/centos-home                               48828416      889   48827527    1% /home
tmpfs                                                  2028949        1    2028948    1% /run/user/0
tmpfs                                                  2028949        1    2028948    1% /run/user/12002

EDIT 2 after @Andrew Henle's suggestion to look into verbose sshd logs

On the server:

$ /usr/sbin/sshd -ddd -p 222
...
Server listening on :: port 222.

On the client:

$ ssh -p 222 ndejay@fs01
Last login: Mon Feb 27 18:40:25 2023 from d1p-hydratm01.ldi.lan
debug3: mm_request_send entering: type 124
debug3: mm_request_receive_expect entering: type 125
debug3: mm_request_receive entering
debug3: Copy environment: XDG_SESSION_ID=2198
Environment:
  LANG=en_US.UTF-8
  USER=ndejay
  LOGNAME=ndejay
  HOME=/home/ndejay
  PATH=/usr/local/bin:/usr/bin
  MAIL=/var/mail/ndejay
  SHELL=/bin/bash
  ...
  SSH_TTY=/dev/pts/1
  TERM=xterm-256color
  XDG_SESSION_ID=2198
Could not chdir to home directory /home/ndejay: Permission denied
/bin/bash: Permission denied
Connection to fs01 closed.

On the server end (full log on pastebin):

Connection from 172.21.13.11 port 50449 on 172.21.13.10 port 222
...
Could not stat AuthorizedKeysCommand "/usr/bin/sss_ssh_authorizedkeys": Permission denied
...
debug1: Could not open authorized keys '/home/ndejay/.ssh/authorized_keys': Permission denied
...
Accepted password for ndejay from 172.21.13.11 port 51316 ssh2
...
/dev/pts/1: Permission denied
open /dev/tty failed - could not set controlling tty: Permission denied
...
Received disconnect from 172.21.13.11: 11: disconnected by user

Andrew Henle:
Do you have a full disk partition? What's the output of `df -h` and `df -i`? I'm assuming `ssh` and `su` worked until recently?

Nicolas De Jay:
`ssh` and `su` worked last week without a problem, and I hadn't touched the system since. I do not have a full disk partition (edited in OP).

Andrew Henle:
Do you have root access on the suspect system? If so, run `sshd -ddd -p 222` (or whatever port you can both bind to) as `root` in one terminal window, then run `ssh -p 222 ...` to try to connect. The `sshd -ddd` will run `sshd` in debug mode, the multiple `-d` options will raise the debug level, and the output should tell you *why* `sshd` is not allowing access.

Nicolas De Jay:
Thanks for the suggestion, I didn't know about the `-ddd` option. Looking into the logs, there just seem to be bizarre permission issues all around (edited in OP). It almost looks like either the permission system or user switching system is broken system-wide. Any thoughts on what to look into next?

Andrew Henle:
What are the exact permissions on those files? *And* all the directories in the path? Including `/`?

Andrew Henle:
These look strange, too: `/dev/pts/1: Permission denied` and `open /dev/tty failed - could not set controlling tty: Permission denied`

Nicolas De Jay:
Wow, I feel so stupid. `/` had permissions set to `700`. I had checked the permissions of everything including root-level directories such as `/bin` but somehow forgot to look into `/` itself. Setting the permissions back to `3755` fixed the issue. Thanks a lot for the suggestion!

Nicolas De Jay:
Would you like to write up a short answer based on your last comment so that I can vote it up? Thanks again!
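The check that cracked this thread was "look at every directory in the path, including `/` itself". The script below is an added example (not posted by anyone in the thread) that automates exactly that walk: it prints the mode and owner of `/` and every ancestor directory down to the parent of the given path, flags any component that an ordinary user cannot search (no execute bit for "other"), and exits non-zero if one is found. With `/` at mode 700, as in the question, the very first line is flagged. It assumes GNU `stat` from coreutils (present on CentOS 7) and paths without embedded spaces; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added diagnostic, not part of the thread: walk every ancestor directory of
# a path and flag any that an ordinary user cannot search (no "other"
# execute bit). In the thread the culprit was "/" itself at mode 700, which
# this walk reports on its first line. Assumes GNU stat (coreutils), as on
# CentOS 7, and paths without embedded spaces.

# Print one status line for a directory; return 1 if "other" lacks search (x).
_check_dir() {
    _mode=$(stat -c '%a' "$1" 2>/dev/null) || {
        printf 'MISSING          %s\n' "$1"
        return 1
    }
    _desc=$(stat -c '%A %U:%G' "$1")
    _other=${_mode#"${_mode%?}"}        # last octal digit = permissions for "other"
    if [ $(( _other & 1 )) -eq 0 ]; then
        printf 'NOT TRAVERSABLE  %-24s %s\n' "$_desc" "$1"
        return 1
    fi
    printf 'ok               %-24s %s\n' "$_desc" "$1"
    return 0
}

# Usage: check_path_traversal /home/ndejay
# Checks "/" and every directory down to the parent of the given path, then
# prints the target's own mode for reference (a 700 home directory owned by
# the user is normal and is not flagged). Returns 0 only if every ancestor
# is searchable by "other".
check_path_traversal() {
    _target=$1
    _parent=$(dirname "$_target")
    _rc=0
    _cur=
    _oldifs=$IFS
    IFS=/
    set -- $_parent                     # split the parent path on "/" only
    IFS=$_oldifs
    _check_dir / || _rc=1
    for _comp in "$@"; do
        [ -n "$_comp" ] || continue     # skip the empty field before the leading "/"
        _cur="$_cur/$_comp"
        _check_dir "$_cur" || _rc=1
    done
    if _desc=$(stat -c '%A %U:%G' "$_target" 2>/dev/null); then
        printf 'target           %-24s %s\n' "$_desc" "$_target"
    fi
    return $_rc
}

# Stand-alone use: sh check_path.sh /home/ndejay
if [ -n "${1:-}" ]; then
    check_path_traversal "$1"
fi
```

Run it as root against the home directory of the user who cannot log in; the line for `/` should read `drwxr-xr-x` or, as restored in the thread, `3755` with the sticky/setgid bits. On CentOS 7 the util-linux one-liner `namei -l /home/ndejay` shows the same per-component listing without the pass/fail judgement. The same traversal failure explains the other symptoms in the debug log: `sshd` could not stat `/usr/bin/sss_ssh_authorizedkeys`, open `authorized_keys`, or open `/dev/pts/1`, because every one of those paths starts at a `/` that non-root processes could no longer search.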