authentication failure using SSH pam_unix(sshd:auth): authentication failure;

2011-10-24T11:22:22.125623+07:00 sshd[8909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=sshK ruser= rhost=  user=fazries
2011-10-24T11:22:22.151540+07:00 sshd[8909]: Accepted password for fazries from port 49633 ssh2
2011-10-24T11:22:22.263304+07:00 sshd[8909]: pam_unix(sshd:session): session opened for user fazries by (uid=0)

When I try to connect to another server using ssh, I found an error in /var/log/secure: "pam_unix(sshd:auth): authentication failure;"
OK, we know the problem is in the PAM module, so we should look at the sshd file in the PAM directory, /etc/pam.d/.

at /etc/pam.d/sshd
auth       include      system-auth

account    required
account    include      system-auth

password   include     system-auth

session    required close
session    include      system-auth
session    required require_auditd
Here we can see that authentication includes system-auth ("auth include system-auth"). Next we should take a look at /etc/pam.d/system-auth. In the auth section of my system-auth, the system checks the local system (pam_unix) first, then checks the LDAP database (pam_ldap).

Alhamdulillah, the issue is that sshd:auth wants to connect to the remote server and cannot find the user on the local system (pam_unix); that is why the message "authentication failure" appears.

Because my user is in the LDAP database, after failing to find the user on the local system sshd:auth tries to find it in the LDAP database (pam_ldap), and finds it.

"Accepted password for fazries from port 49633 ssh2"

at /etc/pam.d/system-auth
auth        required
auth        sufficient nullok try_first_pass
auth        requisite uid >= 500 quiet
auth        sufficient use_first_pass
auth        required
This is the way out... :-)

Replace try_first_pass to and use_first_pass to that will make ssh search for the user in the LDAP database first; if not found, ssh will then search the local system.
auth        required
auth        sufficient try_first_pass
auth        sufficient nullok use_first_pass
auth        requisite uid >= 500 quiet
auth        required

That will make the error message "sshd[8909]: pam_unix(sshd:auth): authentication failure;" go away.
2011-10-27T13:33:16.738779+07:00 sshd[16689]: Accepted password for fazries from port 41924 ssh2
2011-10-27T13:33:16.895793+07:00 sshd[16689]: pam_unix(sshd:session): session opened for user fazries by (uid=0)
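
The failure-then-accept pattern explained above is also what log monitoring has to tell apart from a real failed login. The following is an added example, not part of the original post: it pairs each pam_unix failure with an "Accepted password" from the same sshd PID and user. The 2-second window, the function name and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"^(\S+) (?:\S+ )?sshd\[(\d+)\]: (.*)$")  # hostname field optional
FAIL = re.compile(r"pam_unix\(sshd:auth\): authentication failure;.*\buser=(\S+)")
OK = re.compile(r"Accepted password for (\S+) from ")

# First two lines are the page's own; the other three are constructed.
SAMPLE = """\
2011-10-24T11:22:22.125623+07:00 sshd[8909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=sshK ruser= rhost=  user=fazries
2011-10-24T11:22:22.151540+07:00 sshd[8909]: Accepted password for fazries from port 49633 ssh2
2011-10-24T11:25:01.000000+07:00 sshd[9001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=  user=alice
2011-10-24T11:26:00.000000+07:00 sshd[9100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=  user=bob
2011-10-24T11:26:20.000000+07:00 sshd[9100]: Accepted password for bob from port 50000 ssh2
"""

def classify(log_text, window=timedelta(seconds=2)):
    """Split pam_unix failures into (fallthrough, unresolved).

    fallthrough: same sshd PID and user was accepted within `window`,
    i.e. a later module in the PAM stack (pam_ldap here) authenticated.
    unresolved: no accept, or an accept only after a retry delay.
    """
    pending = {}  # (pid, user) -> timestamp of the pam_unix failure
    fallthrough, unresolved = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, pid, msg = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        failed, accepted = FAIL.search(msg), OK.search(msg)
        if failed:
            key = (pid, failed.group(1))
            if key in pending:  # second failure on one connection: keep the first
                unresolved.append((*key, pending[key]))
            pending[key] = when
        elif accepted:
            key = (pid, accepted.group(1))
            t = pending.pop(key, None)
            if t is not None:
                bucket = fallthrough if when - t <= window else unresolved
                bucket.append((*key, t))
    unresolved.extend((*k, t) for k, t in pending.items())
    return fallthrough, unresolved
```

On the sample, only the fazries entry (PID 8909) is classified as PAM fall-through; the other two stay in the unresolved list as failed logins worth counting.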


  1. nice job...!!! we should donate to fazrie.!!

  2. Thanks..!! very useful...! :D

  3. Last messages:
    2012-07-04 11:25:44 -0400 security/authorization wkpauthdbs02 1 mcidb8 sshd[2011]: pam_unix(sshd:auth): check pass; user unknown {"score"=>nil}

    Anybody can send me the cause of this error? Please, thanks in advance.

  4. THANK YOU for documenting this! This was the cause of our mystery cluster login lockup after a mystery ROCKS re-imaging wiped out our login node. It provided the ~5 bytes that hosed a resource for ~500 increasingly agitated users :). This spared us the tar and feathers! Thanks again!

  5. Hey, thank you so much for this. Though I was using than But they have same concept so managed to solve the issue following your instructions. Keep it up!

  6. If you set before in system-auth can you still log in with a local account (i.e. - root) if the LDAP server is down, not responding, or slow to respond? In the past I have had issues where a console login would time out waiting for the LDAP server to respond (getting a login timeout after 60 seconds). Can anyone confirm one way or the other if setting system-auth as specified above may have a login timeout problem? This typically will come up in emergency situations (power outages for example) where network equipment or the LDAP server gets shut down and other servers are still up. Sometimes it is required to log in to the physical server on the console with a local account.


  7. well done man ! another friend helped .. :) thanks.

  8. Thanks, this helped me locate the error on one of the company Red Hat servers!

  9. Worked great for me running CentOS 6.6 minimal install Thanks!!!

  10. Thanks for the help. Slightly different issue, but used your line of thought to solve it.

  11. A nice article. I have a similar issue on my Linux system. Got the idea how to take the next step forward... Excellent....

