PAM and linux audit.log
I installed PAM 3.2 in RHEL, I've configured a Credential vault for user to access to other linux server using ssh relay, but in audit.log RHEL remote server shows the next message:
type=USER_AUTH msg=audit(1569432834.581:14668): pid=12300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="usr" exe="/usr/sbin/sshd" hostname=? addr=10.x.x.x terminal=ssh res=failed'
Could you help me how to fix it?.
Thanks in advance.
Re: PAM and linux audit.log
I'm not familiar with that format from the RHEL perspective. From a PAM sshrelay perspective, you should confirm in the Reporting Console that the user is being authorized by cmdctrl for access (Authorize: Yes), and then you could check the client.log for the ssh connection to the target server and check for any issue there, please see TID 7021106 - How to enable the client log.