Hello,
I have a requirement to create a user, with SSH access, that will be used for vulnerability scanning. I've added a user and set a password (commands below) but am unable to log in via SSH. I've done a lot of searching on sshd_config, PAM, etc. and am coming up blank.
useradd -c "Vulnerability Scan account" -s /bin/bash -u NNN -md /home/<user_account_name> <user_account_name>
passwd <user_account_name>
What are the steps for creating a user with SSH access?
Thank you
Hi,
Check if there is a line AllowGroups in the file /etc/ssh/sshd_config - if available, login is allowed only for users whose groups match this pattern. In my test appliance, there is such a group named wheel, so you need to add your user to this group, or add the groups your user belongs to to the AllowGroups line.
To add your user to the wheel group, you can use the following command:
usermod -G wheel <user_account_name>
Thank you but I'm still getting access denied.
groups <user_account_name>
<user_account_name> : users wheel
/var/log/auth.log
2018-02-26T15:26:01.634665-06:00 <host_name> sshd[26318]: Connection from x.x.x.x port 64564
2018-02-26T15:26:11.462368-06:00 <host_name> sshd[26318]: reprocess config line 65: Unsupported option KerberosAuthentication
2018-02-26T15:26:11.462384-06:00 <host_name> sshd[26318]: reprocess config line 71: Unsupported option GSSAPIAuthentication
2018-02-26T15:26:11.462388-06:00 <host_name> sshd[26318]: reprocess config line 123: Deprecated option RhostsRSAAuthentication
2018-02-26T15:26:20.716999-06:00 <host_name> sshd[26318]: Failed password for <user_account_name> from x.x.x.x port 64564 ssh2
2018-02-26T15:26:31.962587-06:00 <host_name> sshd[26318]: Connection closed by x.x.x.x port 64564 [preauth]
Not sure why it doesn't work.
Which vRO version and what SSH client do you use? Could you also check if there are other AllowUsers, AllowGroups, DenyUsers and/or DenyGroups directives in your sshd_config file?
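The AllowUsers/AllowGroups/DenyUsers/DenyGroups check discussed above, as an added example that is not part of the original thread: a shell function that reads these directives from an sshd_config file and reports whether an account with the given groups passes them. The function names and the sample config are constructed for illustration; Match blocks, USER@HOST patterns and negated (!) patterns are not handled.

```shell
# Added example: evaluate sshd access-list directives for one account.
# Assumptions: no Match blocks, no USER@HOST or negated (!) patterns.
directive_values() {   # FILE KEYWORD -> every pattern given for KEYWORD (case-insensitive)
    awk -v kw="$2" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1"
}

matches_any() {        # NAME PATTERN... -> 0 if NAME matches one of the glob patterns
    name=$1; shift
    for pat in "$@"; do
        case $name in $pat) return 0 ;; esac
    done
    return 1
}

sshd_access_verdict() {   # FILE USER "GROUP ..." -> prints verdict, returns 0 if allowed
    cfg=$1 user=$2 grps=$3
    set -f   # patterns such as "*" must not expand against the filesystem
    deny_u=$(directive_values "$cfg" DenyUsers)
    allow_u=$(directive_values "$cfg" AllowUsers)
    deny_g=$(directive_values "$cfg" DenyGroups)
    allow_g=$(directive_values "$cfg" AllowGroups)
    verdict=allowed
    # sshd evaluates in this order: DenyUsers, AllowUsers, DenyGroups, AllowGroups
    if matches_any "$user" $deny_u; then verdict="denied: DenyUsers"
    elif [ -n "$allow_u" ] && ! matches_any "$user" $allow_u; then verdict="denied: not in AllowUsers"
    else
        in_deny=1 in_allow=1
        for g in $grps; do
            matches_any "$g" $deny_g && in_deny=0
            matches_any "$g" $allow_g && in_allow=0
        done
        if [ "$in_deny" -eq 0 ]; then verdict="denied: DenyGroups"
        elif [ -n "$allow_g" ] && [ "$in_allow" -ne 0 ]; then verdict="denied: not in AllowGroups"
        fi
    fi
    set +f
    echo "$verdict"
    [ "$verdict" = allowed ]
}

# Constructed sample config (not taken from the appliance in this thread)
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
AllowGroups wheel
EOF
sshd_access_verdict "$sample" scanuser "users" || true        # account before joining wheel
sshd_access_verdict "$sample" scanuser "users wheel" || true  # account after joining wheel
rm -f "$sample"
```

On a live host, the output of `sshd -T` (the effective configuration) can be saved to a file and passed in place of sshd_config.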
It's weird, I even changed the password to what is used by root to ensure I was entering it correctly.
7.3.0.21566-6423561
PuTTY 0.67 - SSH 2, same client used when logging on as root.
No other Allow/Deny user/group directives in sshd_config
Are there length or character requirements for user accounts?
The user account I was trying with is: aaa-b-c-defghi-jkl
I just created a different one using: abcdef and it worked!
Tried with exactly the same user aaa-b-c-defghi-jkl on vRO 7.3 (slightly newer build than yours) and PuTTY 0.69 - works in my environment.
Could you try to replace dashes with letters in the user name, to check if the problem is because of dashes? Or try to enclose this string in double quotes in all places where it appears on command line - "aaa-b-c-defghi-jkl"
If this still doesn't work, could you try with shorter usernames (still containing dashes, though) to check if you are hitting some size limit? I think names up to 32 characters (at least) should be allowed, but who knows...
Hi Ilian,
Didn't work replacing the dashes with "x" so I removed the -u switch & value and it worked! I should have tried this from the beginning but I wasn't sure if there was something going on.
Thank you for your great and responsive help!