# Can no longer ssh into box as a normal user

## Parabola

only as root.

What changed?

Seems to have started after a -u world that updated baselayout.  I've looked through the sshd_config file but nothing seems obvious.  I've never had to do anything to make this work before....

----------

## rac

You didn't happen to overwrite your /etc/passwd, did you?

----------

## Parabola

Nope, it still looks good.

----------

## Dalrain

I am also having this problem, same check on the password file and all after the latest baselayout change.  It all still looks good, and I can still login from the console, just regular users can no longer SSH.  No joy  :Sad: 

----------

## Dalrain

Note: This happens with two systems of mine, both running withOUT the unstable flag, if that makes any difference.  Could be something got weird with the stable systems only?

----------

## rac

Does running ssh with the -v flag give any useful hints?

----------

## theclaus

Okay I had this problem and someone on IRC helped me out.  This is what he said to do.

[08:45] <vegai> TheClaus: try usermod -s /bin/bash user

When I did that it worked.  Though while I was at it I also did a etc-update.  After that I tried ssh as normal user and it worked great.

----------

## Parabola

 *theclaus wrote:*   

> Okay I had this problem and someone on IRC helped me out.  This is what he said to do.
> 
> [08:45] <vegai> TheClaus: try usermod -s /bin/bash user
> 
> When I did that it worked.  Though while I was at it I also did a etc-update.  After that I tried ssh as normal user and it worked great.

 

That was it.  Not sure why it changed but that fixed it.  Thanks.

----------

## Dalrain

This fix also did it for me....also, I don't know why it changed....all that could have happened was whatever occurred during the update..

Ah well, many thanks, my system is happy again  :Smile: 

----------

## mooman

If 3 different people had this, this ought to get published as an FAQ or Tip/Trick.  (I'd say the former since it sounds more like fixing something broken than just handy advice...)

----------

## nick58b

Make that four.  I had this problem on both my gentoo boxes after the last emerge -u world.

----------

## fleed

Count another one. Started having the problem only after last emerge -u world. Must be tighter security in something that was updated, maybe pam?

----------

## ibrandt

I got this too, and just updated baselayout as well, but it only effected one of the two user accounts I have setup.  Thank goodness that was the case, because I have 'PermitRootLogin no' in sshd_config, and my box is co-located!

----------

## rlyacht

I just had this problem and the usermod -s /bin/bash user fix worked for me. can someone explain what happened?

----------

## Dalrain

Hmmm...just a thought, but did this happen to only the user you su'ed from to do your emerging as root?  I have a habit of using su - to do my tasks, and the user I su'ed from would be the one that had this problem.  Is this perhaps the same for others?  Or am I totally just thinking incorrectly?

----------

## ibrandt

 *Dalrain wrote:*   

> Hmmm...just a thought, but did this happen to only the user you su'ed from to do your emerging as root?  I have a habit of using su - to do my tasks, and the user I su'ed from would be the one that had this problem.  Is this perhaps the same for others?  Or am I totally just thinking incorrectly?

 

Actually for me it was just the opposite, the user that I don't su to root from was the one that got locked out.  The user in question is not a member of the wheel group, just users.

----------

## rac

For people who got fixed by running "usermod -s /bin/bash", I suspect that you had created users with no login shell.

----------

## clattuc

 *rac wrote:*   

> For people who got fixed by running "usermod -s /bin/bash", I suspect that you had created users with no login shell.

 

Well, at least in my case, that wasn't it. Shells were already specified (as /bin/bash), but re-specifying them with the usermod thingie fixed the problem... weirdness ...  :Rolling Eyes: 

----------

## Parabola

 *rac wrote:*   

> For people who got fixed by running "usermod -s /bin/bash", I suspect that you had created users with no login shell.

 Yeah my account looks to have had no shell specified when I created it, but why would it work before?

----------

## yottabit

Yes, the listed command will simply add a "/bin/bash" shell selection to the user definition in the "/etc/passwd" file.

I noticed the same thing, but instead of using the command as stated, I just manually edited /etc/passwd with "nano -w /etc/passwd" and tagged on a "/bin/bash" to the end of the user with the problem.

I can't believe I would have created this user without a shell definition in the first place, but anything is possible, and I have no reason to believe that the user had ever logged in via ssh before...

If sshd was authenticating users without shells, that's a security bug. So the fact that it has been fixed with the latest round of updates is a Good Thing (tm).

Cheers,

J

----------

## doll1

Helpful thread   :Smile: 

----------

## gtsquirrel

This was a very helpful thread.  I guess we're all used to distros that auto-set the shell to some default.  Thanks a lot for the help, everyone!

chris

----------

## Ti_Uhl

Hello,

If u look at your pam config for ssh login u can see that in order for a user to log in it needs to have a valid shell. This is for security reasons... so either add a valid shell to the /etc/passwd or change your pam config

Greetz Ti_Uhl

```

#%PAM-1.0

auth       required   pam_stack.so service=system-auth

auth       required     pam_shells.so

auth      required   pam_nologin.so # needs a valid shell !!!

account    required   pam_stack.so service=system-auth

password   required   pam_stack.so service=system-auth

session      required   pam_stack.so service=system-auth

```

----------

