Maniphest T207474

SSH auth to some Cloud VPS instances fails but root works
Closed, InvalidPublic
Actions

Assigned To

Authored By

	• GTirloni
	Oct 19 2018, 2:40 PM

Description

gerrit-myql:

Oct 19 14:21:14 gerrit-mysql sshd[3888]: Connection from 10.68.18.66 port 57152 on 172.16.1.180 port 22
Oct 19 14:21:15 gerrit-mysql sshd[3888]: Postponed publickey for gtirloni from 10.68.18.66 port 57152 ssh2 [preauth]
Oct 19 14:21:15 gerrit-mysql sshd[3888]: pam_access(sshd:account): access denied for user `gtirloni' from `10.68.18.66'
Oct 19 14:21:15 gerrit-mysql sshd[3888]: Failed publickey for gtirloni from 10.68.18.66 port 57152 ssh2: RSA SHA256:xxx
Oct 19 14:21:15 gerrit-mysql sshd[3888]: fatal: Access denied for user gtirloni by PAM account configuration [preauth]

Event Timeline

• GTirloni created this task.Oct 19 2018, 2:40 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 19 2018, 2:40 PM

Paladox subscribed.Oct 19 2018, 2:53 PM

• GTirloni triaged this task as Low priority.Oct 21 2018, 7:13 PM

deployment-deploy01:

Oct 21 21:53:14 deployment-deploy01 sshd[5502]: Connection from 10.68.18.66 port 34586 on 10.68.23.38 port 22
Oct 21 21:53:15 deployment-deploy01 sshd[5502]: Postponed publickey for gtirloni from 10.68.18.66 port 34586 ssh2 [preauth]
Oct 21 21:53:15 deployment-deploy01 sshd[5502]: pam_access(sshd:account): access denied for user `gtirloni' from `10.68.18.66'
Oct 21 21:53:15 deployment-deploy01 sshd[5502]: Failed publickey for gtirloni from 10.68.18.66 port 34586 ssh2: RSA SHA256:xxx
Oct 21 21:53:15 deployment-deploy01 sshd[5502]: fatal: Access denied for user gtirloni by PAM account configuration [preauth]

Are you connecting from bastion-restricted?

Yes (connections coming from 10.68.18.66). This is my ~/.ssh/config:

Host *.wmflabs
  ProxyCommand ssh -a -W %h:%p restricted.bastion.wmflabs.org

You aren't in the groups able to access those hosts:

krenair@deployment-deploy01:~$ getent group project-deployment-prep | grep gtir
krenair@deployment-deploy01:~$ getent group project-git | grep gtir
krenair@deployment-deploy01:~$

I've added you as a member of deployment-prep, try deployment-deploy01 now.

Mentioned in SAL (#wikimedia-cloud) [2018-10-22T00:27:27Z] <Krenair> Added gtirloni as a member per T207474 - I imagine he'll want to get in to look at shinken-related things

@Krenair that worked, thanks a lot! Learning something new every day about our environments :-)

• GTirloni closed this task as Resolved.Oct 22 2018, 9:47 AM

Krenair changed the task status from Resolved to Invalid.Oct 22 2018, 2:01 PM

SSH auth to some Cloud VPS instances fails but root worksClosed, InvalidPublicActions

Description

Event Timeline

SSH auth to some Cloud VPS instances fails but root works
Closed, InvalidPublic
Actions