Introduction
This guide explains information about troubleshooting access problems caused by the AllowUsers configuration found in the /etc/ssh/sshd_config file.
Please keep in mind that the management and maintenance of configurations for services that cPanel does not create and provide such as the SSHD service, are tasks that are best handled by a systems administrator with the skills, training, and expertise required to do so for you. Although this configuration is not related to cPanel or the basic configuration of cPanel, we would like to offer this information as a courtesy.
Symptoms
You may find that you are unable to login to the server via SSH with some or all users of the server.
Error messages that you may see are listed below.
The following error is shown in /var/log/secure when you enable debug output for SSHD.
User exampleuser from xxx.xxx.xxx.xxx not allowed because not listed in AllowUsers
The following errors are shown in /var/log/secure before debug logging is enabled for SSHD:
Failed password for invalid user exampleuser from xxx.xxx.xxx.xxx port xxxxx ssh2
Invalid user exampleuser from xxx.xxx.xxx.xxx port xxxxx
input_userauth_request: invalid user exampleuser [preauth]
The following error is shown by the Putty SSH client when attempting to login:
Server refused our key
Description
The AllowUsers directive determines which users can login via the SSH. This directive works in concert with other directives such as DenyUsers etc. Please review the manual page on your server if this guide is not sufficient for your specific situation.
man sshd_config
If the AllowUsers directive does not contain the username that you are attempting to use for SSH access, you will not be able to login with that user.
Resolution
- Login to the server as the root user via Terminal, or Console access.
NOTE: While these steps are possible when accessing the server via SSH, it is best practice to use a method of access other than SSH because an accidental typo or other problematic edit to the SSHD configuration file can sever your connection to the server while you are using SSH. - Make a backup of the existing configuration with the following command:
cp -v /etc/ssh/sshd_config{,$(date +.%Y-%b-%d-%H-%M-%S)}
- Open the configuration with a text editor of your choice:
/etc/ssh/sshd_config
- Locate and Edit the AllowUsers configuration so that it lists the users that should access the server. This list of users must contain the user that you are having trouble with. The usernames are case sensitive, and are delimited by spaces. The following is an example:
AllowUsers root usernumber1 usernumber2 usernumber3
- Restart the SSH daemon with the following command to load the new configuration:
/scripts/restartsrv_sshd --restart
Comments
0 comments
Article is closed for comments.