sshd on a minimal Linux: "Failed password for invalid user root"

Divius asked:

I’m trying to start SSH server on a minimal Fedora installation. And I mean really minimal: one that is produced by diskimage-builder ramdisk builder. It does not even have users (absent /etc/passwd etc).

So, now I’m trying to run sshd on such a system. During the build I copy /etc/{passwd,group,shadow} from a minimal (hmm.. less minimal) system. I also pregenerate host keys and sshd_config:

PermitRootLogin yes
UsePAM no
UseDNS no
UsePrivilegeSeparation no
PasswordAuthentication yes
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

(full script). In the ramdisk I set root password via chpasswd and start SSHd with

/sbin/sshd -p $SSH_PORT

(SSH_PORT being 22 for now – default one). And after the ramdisk boots and reports back, I try to log in. Here fun starts:

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
root@'s password: 
debug1: Authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
root@'s password:

In ssh logs on a server I see

debug1: userauth-request for user root service ssh-connection method password
Could not get shadow information for NOUSER
Failed password for invalid user root from port 38734 ssh2

So despite everything I tried, user ‘root‘ stays invalid. Any ideas are appreciated.

My answer:

Perhaps you didn’t see this comment in the default sshd_config file?

# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.

On Fedora and Red Hat, you must enable PAM authentication.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.