I want to ssh into a host using a local user and want to know how to configure it the best way, preferably in a way that requires only changes on that host and not on the LDAP backend.
Currently I get this error, and it appears that authentication for the local user is attempted via LDAP/PAM:
debug1: PAM: password authentication failed for USER: Authentication failure
Based on some directions I found already, I made these changes, but that doesn't help:
+ : USER_UNIX_GROUP : ALL
auth sufficient pam_succeed_if.so user ingroup USER_UNIX_GROUP
The above settings get to this state, but I don't know how to get the user to be locally authenticated without having to disable PAM in ssh (which is not an option):
Jun 2 15:54:04 HOST sshd[29907]: pam_succeed_if(sshd:auth): requirement "user ingroup demo" was met by user "USER"
Jun 2 15:54:04 HOST sshd[29907]: Failed password for USER from SOURCE_IP port 42522 ssh2
I think you need to look at the nsswitch.conf (or whatever your OS uses) and set something like:
passwd: files ldap
group: files ldap
This should look at files first and then LDAP.
Be careful. There are a lot of parameters for PAM. Make one change at a time and document what you did.
Might also try some simple steps for diagnostics:
getent passwd userid
Should show the parameters for the userID.
getent netgroup sysadmin
sysadmin (sa.willeke.com, , ) (xenhost.willeke.com, , )
Should show the parameters for the netgroup.
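The lookup-order check suggested in the answer above, as an added example that is not part of the original post: a shell sketch that reads an nsswitch.conf-format file, reports where files sits in a database's source list, and checks whether a user has an entry in a passwd-format file rather than only being resolvable through getent. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# nss_sources FILE DB: print DB's lookup sources in order, one per line,
# with comments and [STATUS=action] items removed.
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " "); sub(/:/, ": ") }
        $1 == db { for (i = 2; i <= NF; i++) print $i; exit }
    ' "$1"
}

# nss_verdict FILE DB: classify where "files" sits in DB's source list.
nss_verdict() {
    srcs=$(nss_sources "$1" "$2")
    if [ -z "$srcs" ]; then
        echo "db-missing"        # no line, or no sources, for this database
    elif [ "$(printf '%s\n' "$srcs" | head -n 1)" = "files" ]; then
        echo "files-first"       # local files are consulted before LDAP
    elif printf '%s\n' "$srcs" | grep -qx "files"; then
        echo "files-late"        # another source answers before local files
    else
        echo "files-missing"     # local files are never consulted
    fi
}

# local_entry PASSWD_FILE USER: succeed only if USER has an entry in the
# passwd-format file itself (getent may instead be answering from LDAP).
local_entry() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# Constructed sample (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:   files ldap
group:    ldap [NOTFOUND=return] files   # files consulted after ldap
netgroup: ldap
EOF
for db in passwd group netgroup; do
    echo "$db: $(nss_verdict "$sample" "$db")"
done
rm -f "$sample"
```

On a real host, pass /etc/nsswitch.conf and /etc/passwd as the file arguments and compare the result with what getent passwd returns for the same user.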