thr3ads.net - openssh unix dev - "PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance [Jan 2004]

If this information is useful, please help other people find it:
Share via:

Istvan Viczian

2004-Jan-19 22:41 UTC

"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

Hi,

I setup two sshd instance (using OpenSSH_3.5p1 bins on redhat7.2  kernel 
2.4.20-19.7smp ) in order to achieve differnet sshd settings (e.g use 
different auth.method) on two different network interfaces (both on port 
22).

For example to setup Hostbased authetication on the 1st sshd
and RSA pub. key auth. on the second:

The 1st instance config file /etc/ssh/sshd_config looks like:

  Protocol 2
  ListenAddress 10.0.0.1
  PidFile /var/run/sshd.pid
  SyslogFacility DAEMON
  LogLevel DEBUG3
  IgnoreRhosts yes
  HostbasedAuthentication yes
  PubkeyAuthentication no
  PasswordAuthentication no
  PermitEmptyPasswords no

The 2nd instance config file: /etc/ssh2/sshd_config
almost the same with the necesary differences:

  Protocol 2
  ListenAddress 10.0.0.2
  PidFile /var/run/sshd2.pid
  SyslogFacility DAEMON
  LogLevel DEBUG3
  IgnoreRhosts yes
  HostbasedAuthentication yes
  PubkeyAuthentication no
  PasswordAuthentication no
  PermitEmptyPasswords no

( the second instance started with : sshd -f /etc/ssh2/sshd_config 
without any problem)

When I started the two daemon, the first instance
( which uses the default /etc/ssh conf. dir.)
always worked properly (login from host 10.0.0.11 as user2)
independently form the used auth. method
, but the second daemon always failed after the successfull 
authentication with

   "PAM rejected by account configuration[]: User account has expired"
   and
   "fatal: monitor_read: unsupported request: 24"

error messages (see detailed logs below ).

I also tried to run only the second instance, and the same problem
appeared! So it seems for me that the problem is reduced to using non 
default sshd config file!


sshd2 LOG in case of RSA pub. key was set on it:

#Jan 19 23:31:11 mach sshd2[2918]: debug1: trying public key file 
/home/user2/.ssh/authorized_keys
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: checking 
'/home/user2/.ssh'
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: checking 
'/home/user2'
#Jan 19 23:31:11 mach sshd2[2918]: debug3: secure_filename: terminating 
check at '/home/user2'
#Jan 19 23:31:11 mach sshd2[2918]: debug1: matching key found: file 
/home/user2/.ssh/authorized_keys, line 1
#Jan 19 23:31:11 mach sshd2[2918]: Found matching RSA key: 
fe:45:ce:60:fd:5c:a2:79:db:86:65:15:ad:d2:b2:e4
#Jan 19 23:31:11 mach sshd2[2918]: debug1: restore_uid: 0/0
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_answer_keyallowed: key 
0x80a5928 is allowed
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_send entering: type 21
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_receive entering
#Jan 19 23:31:11 mach sshd2[2918]: debug3: monitor_read: checking request 22
#Jan 19 23:31:11 mach sshd2[2918]: debug1: ssh_rsa_verify: signature correct
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_answer_keyverify: key 
0x80a5b40 signature verified
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_send entering: type 23
#Jan 19 23:31:11 mach sshd2[2918]: debug2: pam_acct_mgmt() = 13
#Jan 19 23:31:11 mach sshd2[2918]: PAM rejected by account 
configuration[13]: User account has expired
#Jan 19 23:31:11 mach sshd2[2918]: Failed publickey for user2 from 
10.0.0.11 port 16760 ssh2
#Jan 19 23:31:11 mach sshd2[2918]: debug3: mm_request_receive entering
#Jan 19 23:31:11 mach sshd2[2918]: debug3: monitor_read: checking request 24
#Jan 19 23:31:11 mach sshd2[2918]: fatal: monitor_read: unsupported 
request: 24
#Jan 19 23:31:11 mach sshd2[2918]: debug1: Calling cleanup 0x8054370(0x0)


sshd2 LOG in case of Hostbased Auth. was set on it:

#Jan 19 21:11:22 mach sshd2[21184]: debug2: userauth_hostbased: access 
allowed by auth_rhosts2
#Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile: 
#filename /etc/ssh/ssh_known_hosts
#Jan 19 21:11:22 mach sshd2[21184]: debug3: check_host_in_hostfile: 
match line 6
#Jan 19 21:11:22 mach sshd2[21184]: debug2: check_key_in_hostfiles: key 
ok for test1.fas.utv.skanova.net
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_answer_keyallowed: key 
0x80a60a8 is allowed
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_append_debug: Appending 
debug messages for child
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_send entering: 
type 21
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_receive entering
#Jan 19 21:11:22 mach sshd2[21184]: debug3: monitor_read: checking 
request 22
#Jan 19 21:11:22 mach sshd2[21184]: debug1: ssh_rsa_verify: signature 
correct
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_answer_keyverify: key 
0x80a62f8 signature verified
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_send entering: 
type 23
#Jan 19 21:11:22 mach sshd2[21184]: debug2: pam_acct_mgmt() = 13
#Jan 19 21:11:22 mach sshd2[21184]: PAM rejected by account 
configuration[13]: User account has expired
#Jan 19 21:11:22 mach sshd2[21184]: Failed hostbased for user2 from 
10.0.0.11 port 16708 ssh2
#Jan 19 21:11:22 mach sshd2[21184]: debug3: mm_request_receive entering
#Jan 19 21:11:22 mach sshd2[21184]: debug3: monitor_read: checking 
request 24
#Jan 19 21:11:22 mach sshd2[21184]: fatal: monitor_read: unsupported 
request: 24
#Jan 19 21:11:22 mach sshd2[21184]: debug1: Calling cleanup 0x8054370(0x0)



Any ideas what can be the problem?
Regards,
Istvan

Darren Tucker

2004-Jan-20 01:21 UTC

head link

"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

Istvan Viczian wrote:> I setup two sshd instance (using OpenSSH_3.5p1 bins on redhat7.2  kernel 
> 2.4.20-19.7smp ) in order to achieve differnet sshd settings (e.g use 
> different auth.method) on two different network interfaces (both on port 
> 22).
[snip]> ( the second instance started with : sshd -f /etc/ssh2/sshd_config 
> without any problem)
> 
> When I started the two daemon, the first instance
> ( which uses the default /etc/ssh conf. dir.)
> always worked properly (login from host 10.0.0.11 as user2)
> independently form the used auth. method
> , but the second daemon always failed after the successfull 
> authentication with
> 
>   "PAM rejected by account configuration[]: User account has
expired"
>   and
>   "fatal: monitor_read: unsupported request: 24"
> 
> error messages (see detailed logs below ).
PAM thinks the account has expired.  Check it with "chage -l 
accountname" and if it is, unexpire it ("chage -E" I think, check
the
man page).
> I also tried to run only the second instance, and the same problem
> appeared! So it seems for me that the problem is reduced to using non 
> default sshd config file!
I suspect that your first sshd was compiled without PAM support and the 
second was compiled with it.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Darren Tucker

2004-Jan-20 05:20 UTC

head link

"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

Istvan Viczian wrote:> I setup two sshd instance (using OpenSSH_3.5p1 bins on redhat7.2  kernel 
> 2.4.20-19.7smp ) in order to achieve differnet sshd settings (e.g use 
> different auth.method) on two different network interfaces (both on port 
> 22).
[snip]> ( the second instance started with : sshd -f /etc/ssh2/sshd_config 
> without any problem)
> 
> When I started the two daemon, the first instance
> ( which uses the default /etc/ssh conf. dir.)
> always worked properly (login from host 10.0.0.11 as user2)
> independently form the used auth. method
> , but the second daemon always failed after the successfull 
> authentication with
> 
>   "PAM rejected by account configuration[]: User account has
expired"
>   and
>   "fatal: monitor_read: unsupported request: 24"
> 
> error messages (see detailed logs below ).
PAM thinks the account has expired.  Check it with "chage -l 
accountname" and if it is, unexpire it ("chage -E" I think, check
the
man page).
> I also tried to run only the second instance, and the same problem
> appeared! So it seems for me that the problem is reduced to using non 
> default sshd config file!
I suspect that your first sshd was compiled without PAM support and the 
second was compiled with it.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Seemingly Similar Threads

Search for more seemingly similar threads

openssh unix dev - Jan 2004 - "PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

"PAM rejected by account configuration" and "fatal: monitor_read: unsupported request: 24" problem at secong sshd instance

Seemingly Similar Threads