Weird SSH issue

hey all, I guess I'm the newbie on these boards, anyways, hello.

I recently became the admin for a few Solaris machines, and I have recently discovered an issue with SSH on one of my machines.

On one of my machines, I can only SSH into the machine as root. I have tried the newest version of Putty and Secure CRT. What happens is, if I try to log in as a user, the machine prompts for a password like normal, and then after I enter it in, the session just closes. In putty the program exits.

I have done the following to try to resolve the problem.

1. Reset the user password that I was using.
2. Added a AllowUsers line in my sshd_config
3. Created a new user

All three of those did not work. I can log in just fine with root, but nothing else. I do not know if the prior admin did something or what, I am just running out of ideas.

Any ideas?

ps. Thanks!

Can you get in with the user account with telnet, rlogin, and/or ftp? Can you su - user as root?

Check that the user account is okay by looking at it in /etc/passwd - insure it has a valid shell.

ssh to the server as root, then ssh to the same server as user - there may be error messages that you aren't seeing due to the window closing.

Check /var/adm/messages for any errors.

My server is Co-Located, and SSH/ftp is the only means of communication (besides an out of band that is set up at the co-lo). I checked the passwd file, and everything looked good there, also when I su - I get no errors. I did try to connect and tailed that messages file, here is the output.

Nov 4 11:01:13 : [ID 681337 daemon.notice] conn,01336: Connection accepted from xx.xx.xxx.xxx:1555.
Nov 4 11:01:18 : [ID 681337 daemon.notice] auth,01336: none for user xxxx rejected because it is unavailable.
Nov 4 11:01:43 : [ID 681337 daemon.error] err ,01336: No umask found for user xxxx.
Nov 4 11:01:43 : [ID 681337 daemon.notice] auth,01336: password for user xxxx accepted.
Nov 4 11:01:43 : [ID 681337 daemon.notice] conn,01336: Session channel open request accepted.
Nov 4 11:01:43 : [ID 681337 daemon.notice] conn,01336: Child (3598) has exited. Status: 2.
Nov 4 11:01:44 : [ID 681337 daemon.notice] conn,01336: Session channel has been closed (pid: 3598).
Nov 4 11:01:44 : [ID 681337 daemon.notice] conn,01336: Connection closed.

Again, what happens when you ftp as that user?
Again, if you ssh to server as root, and then ssh from that session to same server as user, what happens?

Post the user info from /etc/passwd (I'm looking for the shell)

Did you su - OR su - user - there is a difference.

Are you using kerberos, NIS, or just local files? What version of Solaris? What version of ssh?

Sorry about being so vague, here are the answers.

1. I can ftp as user just fine.
2. The SSH disconnects from the command line.
3. user:x:100:14:System Admin:/home/user:/bin/bash
4. I ran "su - user" earlier
5. I have no idea on the first part of the question, I am running Solaris 8, I am using Secure CRT 4.0.6 and Putty .056 connecting via ssh2

Edited to add: After looking around the system some more, I am actually running vshelld as my ssh daemon. I've looked into the config file, and there are no restrictions in there that should be blocking me. I have restarted the vshelld, but still can not SSH as user, even from a SSH session as root.

You might want to try connecting with the -v option - it may show where it is failing.

See vsh man page

As far as NIS or local files - you can look at /etc/nsswitch.conf to see what it shows for passwd. But this seems to be a ssh problem only (you could ftp as that user).

I was able to solve the problem, thanks for all the help. I looked in the vshelld config file one last time today, and noticed this line:

ChrootUsers {* } # Restricts user's shell, and remote execution to their home directory.

I decided to comment out that line in case the * character in there was throwing off Vshell, besides, I use /etc/passwd to manage user shells anyways.

After making that change I can SSH to that machine just fine, so, problem fixed.

Thanks again