Weird SSH problem... Any ideas?!?

Alex Zbyslaw xfb52 at dial.pipex.com
Thu Oct 20 03:24:10 PDT 2005


Olaf Greve wrote:

> Hi,
>
> Yesterday it has been brought to my attention that SSH access is not 
> working well on my new server.
>
> The background: I have set-up a new server (FreeBSD 5.4-Release 
> AMD/64) and I migrated the user accounts from my old server (FreeBSD 
> 5.2.1-Release i386).
>
> Now, I was under the assumption everything was working fine, as I 
> myself have no issues in SSH-ing as unprivileged user to the machine 
> (note: my unprivileged account is featured in the wheel group, which 
> may be of importance!).
>
> However, when a regular user who resides in a regular group tries to 
> SSH to the machine, after entering the correct password the connection 
> is immediately dropped, and the following error (note: the below lines 
> contain dummy names and IP addresses) is shown in /var/log/auth.log:
>
> Oct 20 11:39:40 milx sshd[48147]: Accepted keyboard-interactive/pam 
> for abcdef from 123.45.67.89 port 35335 ssh2
> Oct 20 11:39:40 milx sshd[48150]: fatal: login_get_lastlog: Cannot 
> find account for uid 1234
>
> I have done some Googling on it, and there are quite a few hits when 
> searching for this particular error message. The errors seem to be 
> happening on all sorts of Unixes, yet as my machines are FreeBSD ones, 
> I'm asking here.
>
> I have unfortunately not been able to find a solution using Google, 
> but I did find some pointers as to the cause. They are:
> -This seems to happen when SSH cannot retrieve the last login date and 
> time for a user. Can this somehow implicitly or explicitly be flushed?
> -This does not happen when "su -" ing to the user's account from the 
> box itself.
> -This may not happen to users that are allowed to become root (i.e. 
> are in the wheel group).

If it *is* related to getting last login time then maybe the permissions 
on /var/log/wtmp are wrong?

Mine are

352 -rw-r--r--  1 root  wheel  - 329428 Oct 20 10:54 /var/log/wtmp

but if other did not have read permission it would fit with the 
assumptions and symptoms you mention.

Group wheel is only about su-ing on BSD, though it is often used to give 
read/write permissions on files to those privileged users.

--Alex




More information about the freebsd-questions mailing list