How to Solve Error SSH Remote Access Permission denied, please try again

Posted on

Introduction

There is another article that relates with the error condition exists as it shows in the title of this article. Actually, the article exists in this link. Furthermore, it describes the root cause and the main problem in detail description. Moreover, the error is actually possible to be available as the continuation of a condition after solving the ssh error problem in this link.

Below is the output of the error when performing the ‘ssh’ command in the command line :

user@hostname:~$ ssh [email protected]
[email protected]'s password: 
Permission denied, please try again.
user@hostname:~$

Assessing the situation

In order to solve the problem further, check the ssh service status. Although the remote access via ssh is broken, it is not a problem to check it. Fortunately, there is an active terminal in that server to do it. The ssh service checking process exists in the following output :

[root@localhost lib64]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-02-04 09:08:21; 2min 55s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 22929 (sshd)
   CGroup: /system.slice/sshd.service
           └─22929 /usr/sbin/sshd -D
Feb 04 09:10:48 localhost.localdomain sshd[23036]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=xxxxxx
Feb 04 09:10:52 localhost.localdomain sshd[23059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=xxxxxx
Feb 04 09:10:52 localhost.localdomain sshd[23059]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "xxxxxx"
Feb 04 09:10:55 localhost.localdomain sshd[23059]: Failed password for xxxxxx from xxx.xxx.xxx.xxx port 45084 ssh2
Feb 04 09:10:57 localhost.localdomain sshd[23059]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "xxxxxx"
Feb 04 09:10:59 localhost.localdomain sshd[23059]: Failed password for xxxxxx from xxx.xxx.xxx.xxx port 45084 ssh2
Feb 04 09:11:03 localhost.localdomain sshd[23059]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "xxxxxx"
Feb 04 09:11:05 localhost.localdomain sshd[23059]: Failed password for xxxxxx from xxx.xxx.xxx.xxx port 45084 ssh2
Feb 04 09:11:05 localhost.localdomain sshd[23059]: Connection closed by xxx.xxx.xxx.xxx port 45084 [preauth]
Feb 04 09:11:05 localhost.localdomain sshd[23059]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx  user=xxxxxx
[root@localhost lib64]# 

Solving the problem

Actually, the following are the steps to accomplish it :

1. First of all, the error occurs after removing packages where the event is mentioned clearly in the article in this link. Fix it by recovering the package with the name of nss-softokn-freebl manually. Achieve it by copy all the files related to the package. Find those related files by visiting the rpm package search page. For an example in this link. In the ‘Files’ section on the page in that link, it lists all of the related files :

/etc/prelink.conf.d
/etc/prelink.conf.d/nss-softokn-prelink.conf
/usr/lib/dracut/dracut.conf.d/50-nss-softokn.conf
/usr/lib/dracut/modules.d/05nss-softokn
/usr/lib/dracut/modules.d/05nss-softokn/module-setup.sh
/usr/lib64/libfreebl3.chk
/usr/lib64/libfreebl3.so
/usr/lib64/libfreeblpriv3.chk
/usr/lib64/libfreeblpriv3.so

Screenshot image of the ‘Files’ section as follows :

Similarly, the information containing list of related files also exists in this link. Also, In the ‘Files’ section on the page in the mentioned link before, the lists below is the affected files for installing nss-softokn-freebl package.

/etc/prelink.conf.d/nss-softokn-prelink.conf
/usr/lib/dracut/dracut.conf.d/50-nss-softokn.conf
/usr/lib/dracut/modules.d/05nss-softokn/module-setup.sh
/usr/lib64/libfreebl3.chk
/usr/lib64/libfreebl3.so
/usr/lib64/libfreeblpriv3.chk
/usr/lib64/libfreeblpriv3.so

In the mentioned link above, list of the related files with nss-softokn-freebl package exists below in the image screenshot :

2. Copy all of the necessary files into the correct location from another server with the same operating system or environment.

Executing the solution for solving the problem

In this context, the incident of the packages removal makes ‘yum’ utility is also broken. So, reinstalling the packages is definitely not possible. The only option is by manually copying related files. Eventually, in the next section there are description of steps to achieve it in a systematic order.

Copy the first file, the nss-softokn-prelink.conf file

Start checking the condition in the target or the problematic server location before copying the first file, the nss-softokn-prelink.conf, below is :

[root@target lib]# cd /etc/prelink.conf.d/
[root@target prelink.conf.d]# ls
fipscheck.conf  grub2.conf
[root@target prelink.conf.d]#

There is no nss-fotokn-prelink.conf exist according to the output above. So, copy the first file, the nss-softokn-prelink.conf from source server to the problematic or the target server location :

[root@source prelink.conf.d]# scp nss-softokn-prelink.conf [email protected]:/home/user
[email protected]'s password: 
nss-softokn-prelink.conf                                                                                                                                                   100%  xxxxx xxxx/s   00:00    
[root@source prelink.conf.d]$

After finishing the copy process of the first file, below is the condition in the problematic or the target server location :

[root@target prelink.conf.d]# mv /home/user/nss-softokn-prelink.conf . 
[root@target prelink.conf.d]# ls -al
total 24
drwxr-xr-x.  2 root root   78 Feb  4 09:33 .
drwxr-xr-x. 76 root root 8192 Feb  4 07:50 ..
-rw-r--r--.  1 root root   57 Aug  2 2017 fipscheck.conf
-rw-r--r--.  1 root root  220 Oct 21 2017 grub2.conf
-rw-r--r--.  1 root root  184 Feb  4 09:30 nss-softokn-prelink.conf
[root@target prelink.conf.d]#

As the output above, at last the file exists.

Copy the second file, the 50-nss-softokn.conf file

Similarly, before copying the second file just check the condition in the target or the problematic server location :

[root@target dracut]# cd dracut.conf.d/
[root@target dracut.conf.d]# ls
01-dist.conf  01-microcode.conf  02-rescue.conf  76-phys-port-name.conf
[root@target dracut.conf.d]#

In the output above, there is no file with the name of 50-nss-softokn.conf, so copy the second file from source server to the problematic or the target server location :

[root@source dracut.conf.d]# scp 50-nss-softokn.conf [email protected]:/home/user
[email protected]'s password: 
50-nss-softokn.conf                                                                                                                                                   100%  xxxxx xxxx/s   00:00    
root@source dracut.conf.d]#

After the copy process of the second file, don’t forget to check the condition of the problematic or the target server location :

[root@target prelink.conf.d]# mv /home/user/50-nss-softokn.conf . 
[root@target dracut.conf.d]# ls -al
total 20
drwxr-xr-x. 2 root root 130 Feb  4 09:37 .
drwxr-xr-x. 4 root root 236 Jul 16 2018 ..
-rw-r--r--. 1 root root 524 Apr 11 2018 01-dist.conf
-rw-r--r--. 1 root root  22 May 24 2018 01-microcode.conf
-rw-r--r--. 1 root root  26 Apr 11 2018 02-rescue.conf
-rw-r--r--. 1 root root  65 Feb  4 09:36 50-nss-softokn.conf
-rw-r--r--. 1 root root 117 Apr 11 2018 76-phys-port-name.conf
[root@target dracut.conf.d]#

Finally, the file with the name of 50-nss-softokn.conf exist.

Copy the third file, the module-setup.sh file

Check the availability of the third file which is the module-setup.sh file. It is done by checking the condition in the target or the problematic server location :

[root@target prelink.conf.d]# cd /usr/lib/dracut/
[root@target dracut]# ls
dracut.conf.d  dracut-functions  dracut-functions.sh  dracut-initramfs-restore  dracut-init.sh  dracut-install  dracut-logger.sh  dracut-version.sh  modules.d  skipcpio
[root@target dracut]# cd modules.d/
[root@target modules.d]# ls -al
total 16
drwxr-xr-x. 64 root root 4096 Feb  4 07:50 .
drwxr-xr-x.  4 root root  236 Jul 16 2018 ..
drwxr-xr-x.  2 root root   29 Jul 16 2018 00bash
drwxr-xr-x.  2 root root   29 Jul 16 2018 00systemd-bootchart
drwxr-xr-x.  2 root root   57 Jul 16 2018 03modsign
drwxr-xr-x.  2 root root   29 Jul 16 2018 03rescue
drwxr-xr-x.  2 root root   72 Jul 16 2018 04watchdog
drwxr-xr-x.  2 root root   29 Jul 16 2018 05busybox
drwxr-xr-x.  2 root root  111 Jul 16 2018 10i18n
drwxr-xr-x.  2 root root   72 Jul 16 2018 30convertfs
....
drwxr-xr-x.  2 root root  227 Jul 16 2018 99kdumpbase
drwxr-xr-x.  2 root root   48 Jul 16 2018 99shutdown
drwxr-xr-x.  2 root root   48 Jul 16 2018 99uefi-lib
[root@target modules.d]#

Before copying the third file, create the folder to place the module-setup.sh file in the target or the problematic server location :

[root@source modules.d]# mkdir 05nss-softokn
[root@source modules.d]# chmod -Rv 755 05nss-softokn/
mode of ‘05nss-softokn/’ retained as 0755 (rwxr-xr-x)
[root@source modules.d]# cd 05nss-softokn/
[root@source 05nss-softokn]# ls -al
total 4
drwxr-xr-x.  2 root root    6 Feb  4 09:34 .
drwxr-xr-x. 65 root root 4096 Feb  4 09:34 ..
[root@source 05nss-softokn]#

Afterwards, just continue the above step to copy the third file. Certainly it is for copying the module-setup.sh file to the target or the problematic server :

[root@source 05nss-softokn]# scp 05nss-softokn/module-setup.sh [email protected]:/home/user
[email protected]'s password: 
module-setup.sh                                                                                                                                                   100%  xxxxx xxxx/s   00:00  
[root@source 05nss-softokn]#

In the end, don’t forget to check the problematic server after copying the third file. Obviously to check the availability of that file :

[root@target 05nss-softokn]# ls
[root@target 05nss-softokn]# mv /home/user/module-setup.sh . 
[root@target 05nss-softokn]# ls -al
total 8
drwxr-xr-x.  2 root root   29 Feb  4 09:35 .
drwxr-xr-x. 65 root root 4096 Feb  4 09:34 ..
-rw-r--r--.  1 root root  293 Feb  4 09:34 module-setup.sh
[root@target 05nss-softokn]#

Copy the rest of the files, the libfreebl3.so, libfreebl3.chk, libfreeblpriv3.chk and libfreeblpriv3.so files

As the previous steps, check first the condition of the target or the problematic server before copying all those files :

[root@target lib64]# ls -al
total 62072
dr-xr-xr-x. 40 root root   20480 Feb  4 09:40 .
drwxr-xr-x. 15 root root     188 Jul 30 2018 ..
drwxr-xr-x.  2 root root       6 Jun 10 2014 apr-util-1
drwxr-xr-x.  2 root root      28 Jul 16 2018 audit
...
-r-xr-xr-x.  1 root root  356120 Apr 11 2018 libdevmapper.so.1.02
...
-rwxr-xr-x.  1 root root   72192 Sep  7 2017 libformw.so.5.9
...
-rwxr-xr-x.  1 root root  535064 Aug  2 2017 libgcrypt.so.11.8.2
...
-rwxr-xr-x.  1 root root  339104 Apr 11 2018 libgobject-2.0.so.0.5400.2
...
drwxr-xr-x.  2 root root    4096 Jul 16 2018 xtables
[root@target lib64]# 

In the above output, there are no related files with the nss-softokn-freebl package. So, copy all of those files from the source server to the target or problematic server :

[root@localhost dracut.conf.d]# cd /usr/lib64/
[root@localhost lib64]# scp libfreebl3.so libfreebl3.chk libfreeblpriv3.so libfreeblpriv3.chk 
[email protected]'s password: 
libfreebl3.so                                                                                                                                                   100%  xxxxx xxxx/s   00:00 
libfreebl3.chk                                                                                                                                                   100%  xxxxx xxxx/s   00:00  
libfreeblpriv3.so                                                                                                                                                   100%  xxxxx xxxx/s   00:00 
libfreeblpriv3.chk                                                                                                                                                   100%  xxxxx xxxx/s   00:00 
[root@localhost lib64]#

Last but not least, below is the last output in this article. Mainly, it is to make sure the content in the target or the problematic server. Look for the libfreebl3.chk, libfreebl3.so, libfreeblpriv3.chk and libfreeblpriv3.so file whether it exist in it or not :

[root@localhost lib64]# ls -al
total 62072
dr-xr-xr-x. 40 root root   20480 Feb  4 09:40 .
drwxr-xr-x. 15 root root     188 Jul 30 2018 ..
drwxr-xr-x.  2 root root       6 Jun 10 2014 apr-util-1
drwxr-xr-x.  2 root root      28 Jul 16 2018 audit
...
-rwxr-xr-x.  1 root root   72192 Sep  7 2017 libformw.so.5.9
-rw-r--r--.  1 root root     899 Feb  4 09:39 libfreebl3.chk
-rwxr-xr-x.  1 root root   11448 Feb  4 09:04 libfreebl3.so
-rw-r--r--.  1 root root     899 Feb  4 09:39 libfreeblpriv3.chk
-rw-r--r--.  1 root root  551840 Feb  4 09:39 libfreeblpriv3.so
...
drwxr-xr-x.  2 root root    4096 Jul 16 2018 xtables
[root@localhost lib64]#

Finishing the solution

Finally, restart the ssh server and remote the problematic or the target server again for final testing.

Leave a Reply