Solved: Re: How to add local linux user to vRO?

robrtb12 · ‎02-26-2018

Hello,
I have a requirement to create a user, with SSH access, that will be used for vulnerability scanning. I've added a user and set a password (commands below) but unable to login via SSH. I've done a lot searching and sshd_config, PAM, etc and coming up blank.

useradd -c "Vulnerability Scan account" -s /bin/bash -u NNN -md /home/<user_account_name> <user_account_name>

passwd <user_account_name>

What are the steps for creating a user with SSH access?

Thank you

iiliev · ‎02-26-2018

Hi,

Check if there is a line AllowGroups in the file /etc/ssh/sshd_config - if available, login is allowed only for users whose groups matches this pattern. In my test appliance, there is a such group named wheel, so you need to add your user to this group, or add the groups your user belongs to to AllowGroups line.

To add your user to wheel group, you can use the following command:

usermod -G wheel <user_account_name>

View solution in original post

iiliev · ‎02-26-2018

Hi,

Check if there is a line AllowGroups in the file /etc/ssh/sshd_config - if available, login is allowed only for users whose groups matches this pattern. In my test appliance, there is a such group named wheel, so you need to add your user to this group, or add the groups your user belongs to to AllowGroups line.

To add your user to wheel group, you can use the following command:

usermod -G wheel <user_account_name>

robrtb12 · ‎02-26-2018

Thank you but I'm still getting access denied.

groups <user_account_name>

<user_account_name> : users wheel

/var/log/auth.log

2018-02-26T15:26:01.634665-06:00 <host_name> sshd[26318]: Connection from x.x.x.x port 64564

2018-02-26T15:26:11.462368-06:00 <host_name> sshd[26318]: reprocess config line 65: Unsupported option KerberosAuthentication

2018-02-26T15:26:11.462384-06:00 <host_name> sshd[26318]: reprocess config line 71: Unsupported option GSSAPIAuthentication

2018-02-26T15:26:11.462388-06:00 <host_name> sshd[26318]: reprocess config line 123: Deprecated option RhostsRSAAuthentication

2018-02-26T15:26:20.716999-06:00 <host_name> sshd[26318]: Failed password for <user_account_name> from x.x.x.x port 64564 ssh2

2018-02-26T15:26:31.962587-06:00 <host_name> sshd[26318]: Connection closed by x.x.x.x port 64564 [preauth]

iiliev · ‎02-26-2018

Not sure why it doesn't work.

Which vRO version and what SSH client do you use? Could you also check if there are other AllowUsers, AllowGroups, DenyUsers and/or DenyGroups directives in your sshd_config file?

robrtb12 · ‎02-26-2018

Its weird, I even changed the password to what is used by root to ensure i was entering it correctly.

7.3.0.21566-6423561

putty 0.67 - SSH 2, same client used when logging on as root.

No other Allow/Deny user/group directives in sshd_config

robrtb12 · ‎02-26-2018

Are there length or character requirements for user accounts?

The user account I was trying with is: aaa-b-c-defghi-jkl

I just created a different one using: abcdef and it worked!

iiliev · ‎02-26-2018

Tried with exactly the same user aaa-b-c-defghi-jkl on vRO 7.3 (slightly newer build than your) and PuTTY 0.69 - works in my environment.

Could you try to replace dashes with letters in the user name, to check if the problem is because of dashes? Or try to enclose this string in double quotes in all places where it appears on command line - "aaa-b-c-defghi-jkl"

If this still doesn't work, could you try with shorter usernames (still containing dashes, though) to check if you are hitting some size limit? I think names up to 32 characters (at least) should be allowed, but who knows...

robrtb12 · ‎02-26-2018

Hi Ilian,
Didn't work replacing the dashes with "x" so I removed the -u switch & value and it worked! :smileyconfused: I should have tried this from the beginning but I wasn't sure if there was something going on.

Thank you for your great and responsive help!