Hello! I have custom linux image based on CentOS 6.3 Linux kernel is 3.10.72-72 I now upgrading OpenSSH from 3.8 version to latest possible. Primarily I'm interesting to upgrade SSHD I've build openssh got from https://ftp2.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/ with following commands: ./configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/libexec/openssh --with-pam --with-privsep-path=/var/empty/sshd --without-kerberos make Build succeeded and able to deploy SSHD on my Linux. SSHD successfully started. If I use version <=6.9 I'm able to successfully login after upgrade (tried with 5.1, 6.5 and 6.9) If I use version >=7.0 I'm not able to login and get following error in syslog (tried with 7.0, 7.5 and 7.6) Mar 17 21:31:45 sshd[7961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.2.170 user=admin I also tried to upgrade pam_unix.so to version found in LinuxPAM 1.3. For me it seems to be some issue with SSHD version >=7.0 May be there were some change related to pam_unix.so usage? My /etc/pam.d/sshd file #%PAM-1.0 auth include system-auth account include system-auth account required pam_nologin.so account required pam_disabled.so password include system-auth session optional pam_keyinit.so force revoke session include system-auth session required pam_loginuid.so and /etc/pam.d/system-auth file #%PAM-1.0 auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass likeauth nodelay auth required pam_deny.so account required pam_unix.so password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so
On 19 March 2018 at 17:44, Yemelyanenko Fyodor <fyodor_e at hotmail.com> wrote: [...]> If I use version <=6.9 I'm able to successfully login after upgrade (tried with 5.1, 6.5 and 6.9) > If I use version >=7.0 I'm not able to login and get following error in syslog (tried with 7.0, 7.5 and 7.6)I don't know of any changes that would explain this and there's not really enough information here to figure it out. I suggest capturing the debug output (/path/to/sshd -ddde -p 222) from 6.9p1 and 7.0p1 to minimise the differences then compare the them to see where they vary, then if the reason is not obvious please post both here. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.