ssh logins fail between 2 different ODA nodes (Doc ID 2479802.1)

Last updated on MAY 24, 2020

Applies to:

Symptoms

Logins via ssh between different nodes in an ODA environment started failing, even though the nodes were up and their ip addresses could be pinged successfully.

The following was seen when running ssh in verbose mode:


[oracle@host1~]$ ssh host2 -vvv
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/oracle/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to host2[10.x.x.x] port 22.
debug1: Connection established. 
...
...

debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug3: channel 0: close_fds r -1 w -1 e 6
debug3: Wrote 36 bytes for a total of 2993
debug3: Wrote 68 bytes for a total of 3061
Connection to host2 closed.
Transferred: sent 2840, received 4160 bytes, in 0.1 seconds
Bytes per second: sent 21781.2, received 31904.8
debug1: Exit status 254
...

and the following was also logged to var/log/secure:

Aug 22 13:29:14 host2 sshd[38514]: pam_unix(sshd:session): session opened for user oracle by (uid=0)
Aug 22 13:29:14 host2 sshd[38514]: pam_sss(sshd:session): Request to sssd failed. Connection refused
Aug 22 13:29:19 host2 sshd[38516]: Received disconnect from 10.x.x.x: 11: disconnected by user
Aug 22 13:29:19 host2 sshd[38514]: pam_unix(sshd:session): session closed for user oracle

Changes

sssd had been disabled due to the customer using a 3rd party product, Centrify for authentication.

However, The pam system-auth configuration file, was still configured with authentication via sss set as sufficient if authentication via Centrify had failed.

e.g.

pam system-auth configuration:

 However, because sssd was not intended to be used, the sssd service had been disabled on the server.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.