Unable to login via SSH as non-root

On my UCS installation running 4.4-3 errata413, I am unable to login to the server as a ‘normal’ user via SSH:

$ ssh igadget@10.0.0.1
Password: 
Connection closed by 10.0.0.1 port 22

Logging in via SSH as root works fine.
Normal users can login fine on the UCS web interface and linked apps (i.e. Nextcloud). It’s just SSH that doesn’t work.
When looking at /var/log/auth.log, I see this:

Dec 27 18:17:42 ucs1 sshd[20039]: pam_access(sshd:account): access denied for user `igadget' from `10.0.0.2'
Dec 27 18:17:42 ucs1 sshd[20037]: error: PAM: User account has expired for igadget from 10.0.0.2
Dec 27 18:17:42 ucs1 sshd[20037]: fatal: monitor_read: unpermitted request 104

I checked the UCR and “sshd/passwordauthentication” is set to “yes”.
Restarted SSH service, no effect.
Rebooted the server, no effect.

What am I doing wrong here?

Per default the login on DCs is restricted to root and members of some admin groups. You can adjust it via ucr.

To allow the group “mygroup”:

ucr set auth/sshd/group/mygroup=yes

To allow the user “myuser”:

ucr set auth/sshd/user/myuser=yes
3 Likes

That did the trick. Thank you so much SirTux! :slight_smile:

Thanks <3 Save my day.