Recently I decided to install a second SSH daemon for Winbind users.
I mean I have a configuration of AIX + Samba + AD and I can log in to the server via SSH with AD accounts on port 22 without any problems.
But now I have a second installation of OpenSSH and don't understand why I can't do the same with that?
I compiled it with :
$ ./configure --prefix=/opt/openssh --with-pam --with-kerberos5=/usr/krb5
$ make
$ make install
... and there were no errors.
My config files on both ssh daemons are equal except for Port (22 / 222):
$ cat /etc/ssh/sshd_config | egrep -v "(^#.|^$)"
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
UseLogin yes
PermitUserEnvironment yes
PidFile /var/run/sshd.pid
Subsystem sftp /usr/sbin/sftp-server -e -l DEBUG3
On the second, new SSH I can log in only with local users, but can't log in with Winbind :(
Is 222 defined as a named service in /etc/services or whatever? What's in /etc/pam.d/* files?
BTW, why 2 servers?
Ok, I added two lines in /etc/services, but nothing changed
[root@wb53tst /]$ cat /etc/services | grep ssh
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
ssh 222/tcp
ssh 222/udp
About PAM
#
# Authentication
#
dtaction auth required pam_aix
dtsession auth required pam_aix
dtlogin auth required pam_aix
ftp auth required pam_aix
imap auth required pam_aix
login auth required pam_aix
rexec auth required pam_aix
rlogin auth sufficient pam_rhosts_auth
rlogin auth required pam_aix
rsh auth required pam_rhosts_auth
snapp auth required pam_aix
su auth sufficient pam_allowroot
su auth required pam_aix
telnet auth required pam_aix
OTHER auth required pam_prohibit
#
# Account Management
#
dtlogin account required pam_aix
ftp account required pam_aix
login account required pam_aix
rexec account required pam_aix
rlogin account required pam_aix
rsh account required pam_aix
su account sufficient pam_allowroot
su account required pam_aix
telnet account required pam_aix
OTHER account required pam_prohibit
#
# Password Management
#
dtlogin password required pam_aix
login password required pam_aix
passwd password required pam_aix
rlogin password required pam_aix
su password required pam_aix
telnet password required pam_aix
OTHER password required pam_prohibit
#
# Session Management
#
dtlogin session required pam_aix
ftp session required pam_aix
imap session required pam_aix
login session required pam_aix
rexec session required pam_aix
rlogin session required pam_aix
rsh session required pam_aix
snapp session required pam_aix
su session required pam_aix
telnet session required pam_aix
OTHER session required pam_prohibit
I think /etc/services needs a one-to-one (per protocol) to work correctly, so you might want to rename this service 'ssh2' or the like.
This fellow made it entirely a different service except for any internal strings in code: tgharold.com: Tech Blog: Setup sshd to run a second instance
PAM setup for ssh involves several files in the pam dir. Did you update them?
I think you are confused.
In AIX the /etc/pam.d directory is not present. I saw it only on Linux systems.
PAM is not native to the AIX environment.
sahiti
November 20, 2012, 1:11pm
6
Hi
I am unable to download ssh. I tried through an IBM ID but was unable to create an ID. Can anyone help? I want to work out the commands and check.
Well, the config files tend to move around and change from O/S to O/S, but the basics are still the same. His second ssh worked because it was an entirely different service and executable name, so it was not getting confused with the configuration of the first ssh, just as configuration elements for http or ftp never get confused with ssh.
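Since the thread turns on which /etc/pam.conf service name the second daemon actually hits, here is an added example (not from the thread, from AIX or from OpenSSH) that parses an AIX-style pam.conf and resolves the effective stack per module type, falling back to OTHER the way AIX does. It assumes OpenSSH presents its program name (sshd) as the PAM service name, and the sample pam.conf is constructed to mirror the one posted above (no sshd entries, OTHER on pam_prohibit).

```python
from collections import defaultdict

# Constructed sample modeled on the /etc/pam.conf dump posted in the thread
# (not a real system's file): no sshd entries, so OTHER -> pam_prohibit.
# Assumption: OpenSSH identifies itself to PAM by its program name (sshd).
SAMPLE_PAM_CONF = """\
# Authentication
login   auth     required   pam_aix
su      auth     sufficient pam_allowroot
su      auth     required   pam_aix
OTHER   auth     required   pam_prohibit
login   account  required   pam_aix
OTHER   account  required   pam_prohibit
login   session  required   pam_aix
OTHER   session  required   pam_prohibit
"""

MODULE_TYPES = ("auth", "account", "password", "session")


def parse_pam_conf(text):
    """Return {(service, module_type): [(control, module, options)]}."""
    rules = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError("malformed pam.conf line: %r" % raw)
        service, mtype, control, module = fields[:4]
        rules[(service, mtype)].append((control, module, " ".join(fields[4:])))
    return rules


def effective_stack(rules, service, module_type):
    """Entries PAM applies for (service, type); unlisted services use OTHER."""
    if (service, module_type) in rules:
        return service, rules[(service, module_type)]
    return "OTHER", rules.get(("OTHER", module_type), [])


def prohibited_types(rules, service):
    """Module types where the service can only ever reach pam_prohibit."""
    blocked = []
    for mtype in MODULE_TYPES:
        entries = effective_stack(rules, service, mtype)[1]
        if entries and all(mod == "pam_prohibit" for _, mod, _ in entries):
            blocked.append(mtype)
    return blocked
```

Running prohibited_types against the real /etc/pam.conf with the service name of each sshd binary shows which daemon falls through to OTHER before any Winbind or pam_aix module is consulted.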