I have 2 RHEL machines. I am attempting to log in via ssh with publickeyauthentication from one machine (say machine A) to the other (say machine B), both of which are in the same network. For that, first I created a .ssh folder in the home directory of an account which happens to be a domain account. Then I created a file "authorized_keys" where I added the public key generated on machine B. I gave appropriate permissions to the ".ssh" folder (700) and the "authorized_keys" file (600). I also made the necessary changes in the /etc/ssh/sshd_config file and restarted the sshd service. When I tried to log in from machine B via ssh, it is still prompting for a password.
My /etc/pam.d/sshd file looks like below:
```
#### Google OS Login control. Do not edit this section. ####
auth [default=ignore] pam_group.so
#### End Google OS Login control section. ####
#%PAM-1.0
auth substack password-auth
auth include postlogin
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session optional pam_motd.so
session include password-auth
session include postlogin
```
and the password-auth file in /etc/pam.d/ looks like below:
```
# This file is used for both password-auth and system-auth and is statically managed by Salt
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth [default=1 ignore=ignore success=ok] pam_localuser.so
auth sufficient pam_unix.so nullok try_first_pass
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
auth sufficient pam_sss.so forward_pass
auth required pam_deny.so
account [success=2 default=ignore] pam_succeed_if.so service in su:su-l:sudo:sudo-i:login:systemd-user:crond quiet
account [success=1 default=ignore] pam_oslogin_login.so
account substack gmi-policy
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so quiet
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
```
Can someone please tell me where in the configuration I have to make changes for successful ssh publickeyauthentication?
Asked by Biswa
(99 rep)
May 7, 2025, 07:02 PM
Last activity: May 7, 2025, 11:08 PM
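An added example, not part of the original post: a shell check that mirrors what sshd's `StrictModes` option verifies before it will read `authorized_keys`, covering the home directory as well as the `.ssh` folder and key file mentioned in the question. The function names `check_one` and `check_pubkey_paths` are hypothetical, and GNU `stat` (as shipped on RHEL) is assumed.

```shell
# Added example: ownership and mode checks in the style of sshd StrictModes.
# Usage (run on the server being logged in to):
#   check_pubkey_paths <home-dir> [expected-uid]

# Returns 0 when the path exists, is owned by the given uid or by root,
# and is not writable by group or others.
check_one() {
    local path="$1" uid="$2" mode owner
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 700
    owner=$(stat -c '%u' "$path")   # numeric owner uid
    if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
        echo "OWNER    $path is owned by uid $owner, expected $uid or 0"
        return 1
    fi
    # 022 = group-write | other-write; either bit makes sshd skip the key file
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE     $path is $mode (writable by group or others)"
        return 1
    fi
    echo "OK       $path ($mode)"
    return 0
}

# Checks the home directory, .ssh and authorized_keys in turn.
# The return status is the number of paths that failed (0 = all good).
check_pubkey_paths() {
    local home="$1" uid="${2:-$(id -u)}" bad=0 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_one "$p" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}
```

For a domain account, take the home directory and uid from `getent passwd <user>` rather than assuming `/home/<user>`.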