Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Logs with Tacacs ONLY user
- ===========================
- Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user sshd, TEMPLATE_USER = admin
- Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user user1, TEMPLATE_USER = admin
- Sep 1 11:45:11 ubuntu sshd[1731]: Tacacs_Dev: (getpwnam) user user1 not found locally
- Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: 1 servers defined
- Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
- Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_service=''
- Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_protocol=''
- Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_prompt=''
- Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: tac_login='pap'
- Sep 1 11:45:11 ubuntu sshd[1731]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
- Sep 1 11:45:11 ubuntu sshd[1731]: pam_sm_authenticate: user [user1] obtained
- Sep 1 11:45:11 ubuntu sshd[1731]: tacacs_get_password: called
- Sep 1 11:45:11 ubuntu sshd[1731]: tacacs_get_password: obtained password
- Sep 1 11:45:11 ubuntu PAM-tacplus[1731]: unable to obtain password
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: 1 servers defined
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_service=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_protocol=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_prompt=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_login='pap'
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: user [user1] obtained
- Sep 1 11:45:15 ubuntu sshd[1731]: tacacs_get_password: called
- Sep 1 11:45:15 ubuntu sshd[1731]: tacacs_get_password: obtained password
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: password obtained
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: tty [ssh] obtained
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: rhost [172.17.0.1] obtained
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: trying srv 0
- Sep 1 11:45:15 ubuntu sshd[1731]: tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: active srv 0
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: exit with pam status: 0
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_authenticate: success setting PAM environment
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_acct_mgmt: got PAM env, auth_status = success
- Sep 1 11:45:15 ubuntu sshd[1731]: Accepted password for user1 from 172.17.0.1 port 40344 ssh2
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: 1 servers defined
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: server[0] { addr=192.168.9.131:49, key='tac_test' }
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_service=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_protocol=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_prompt=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1731]: tac_login='pap'
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_setcred: called (pam_tacplus v1.3.8)
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_keyinit(sshd:session): Unable to look up user "user1"
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_systemd(sshd:session): Failed to get user data.
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_systemd(sshd:session): Failed to get user data.
- Sep 1 11:45:15 ubuntu sshd[1731]: pam_sm_open_session: got PAM env, auth_status = success
- Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: 1 servers defined
- Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: server[0] { addr=192.168.9.131:49, key='tac_test' }
- Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_service=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_protocol=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_prompt=''
- Sep 1 11:45:15 ubuntu PAM-tacplus[1745]: tac_login='pap'
- Sep 1 11:45:15 ubuntu sshd[1745]: pam_sm_setcred: called (pam_tacplus v1.3.8)
- Sep 1 11:45:15 ubuntu sshd[1731]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
- Sep 1 11:45:15 ubuntu sshd[1731]: Tacacs_Dev: entering getpwnam for user user1, TEMPLATE_USER = admin
- Sep 1 11:45:15 ubuntu sshd[1731]: Tacacs_Dev: (getpwnam) user user1 not found locally
- Sep 1 11:45:15 ubuntu sshd[1731]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
- ssh user1@<ip>
- switch:~$
- cat /proc/self/loginuid
- 4294967295
- /etc/nologin has no effect
- Logs with local user
- ===========================
- Sep 1 11:55:43 ubuntu sshd[515]: pam_sm_acct_mgmt: unable to get PAM env auth_status
- Sep 1 11:55:43 ubuntu sshd[515]: Accepted password for admin from 172.17.0.1 port 58768 ssh2
- Sep 1 11:55:43 ubuntu sshd[515]: pam_unix(sshd:session): session opened for user admin by (uid=0)
- Sep 1 11:55:43 ubuntu systemd: pam_unix(systemd-user:session): session opened for user admin by (uid=0)
- Sep 1 11:55:43 ubuntu sshd[515]: pam_sm_open_session: unable to get PAM env auth_status
- Sep 1 11:55:43 ubuntu sshd[515]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
- Sep 1 11:55:43 ubuntu sshd[515]: Tacacs_Dev: entering getpwnam for user admin, TEMPLATE_USER = admin
- Sep 1 11:55:43 ubuntu sshd[515]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
- ssh admin@<ip>
- switch:~$
- cat /proc/self/loginuid
- 1003
- switch:~$
- /etc/nologin prevents non-root users from getting logged in
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement