cr314 Regular Contributor.

PAM and linux audit.log

Hello everyone,

I installed PAM 3.2 on RHEL and configured a credential vault for a user to access another Linux server using SSH relay, but the audit.log on the remote RHEL server shows the following message:

type=USER_AUTH msg=audit(1569432834.581:14668): pid=12300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct="usr" exe="/usr/sbin/sshd" hostname=? addr=10.x.x.x terminal=ssh res=failed'

Could you help me fix it?

Thanks in advance.




1 Reply
Micro Focus Expert

Re: PAM and linux audit.log

I'm not familiar with that format from the RHEL perspective. From a PAM sshrelay perspective, you should confirm in the Reporting Console that the user is being authorized by cmdctrl for access (Authorize: Yes), and then you could check the client.log for the ssh connection to the target server and check for any issue there, please see TID 7021106 - How to enable the client log.
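
For readers decoding the audit.log record quoted in the question, the following is an added example, not part of the thread and not Micro Focus code. It parses Linux audit USER_AUTH records and lists sshd authentication failures that were never followed by a success. Grouping attempts by sshd pid is an assumption made for this example, and the second and third sample records are constructed.

```python
import re
from datetime import datetime, timezone

UNSET = "4294967295"  # (uint32)-1: audit's "not set" value for auid and ses
HEADER = re.compile(r"type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)")
PAIR = re.compile(r"""(\w+)=("[^"]*"|\S+)""")

def parse_record(line):
    """Split one audit.log line into a flat dict, including the nested msg='...' payload."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, secs, _ms, serial, body = m.groups()
    rec = {"type": rtype, "serial": int(serial),
           "time": datetime.fromtimestamp(int(secs), tz=timezone.utc)}
    outer, _, inner = body.partition("msg='")
    for key, value in PAIR.findall(outer + " " + inner.rstrip("'")):
        rec[key] = value.strip('"')
    rec["pre_auth"] = rec.get("auid") == UNSET  # no login UID assigned yet
    return rec

def unresolved_failures(lines):
    """Return sshd USER_AUTH failures whose sshd pid never logged a success.

    Assumption: all authentication attempts of one connection share one pid.
    """
    by_pid = {}
    for rec in filter(None, map(parse_record, lines)):
        if rec["type"] == "USER_AUTH" and rec.get("exe") == "/usr/sbin/sshd":
            by_pid.setdefault(rec["pid"], []).append(rec)
    return [r for recs in by_pid.values()
            if not any(x.get("res") == "success" for x in recs)
            for r in recs if r.get("res") == "failed"]

SAMPLE = [
    # Record quoted in the question.
    "type=USER_AUTH msg=audit(1569432834.581:14668): pid=12300 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey acct=\"usr\" exe=\"/usr/sbin/sshd\" hostname=? addr=10.x.x.x terminal=ssh res=failed'",
    # Constructed records: a key is rejected, then a password is accepted on the same connection.
    "type=USER_AUTH msg=audit(1569432900.100:14670): pid=12411 uid=0 auid=4294967295 ses=4294967295 msg='op=pubkey acct=\"demo\" exe=\"/usr/sbin/sshd\" hostname=? addr=192.0.2.10 terminal=ssh res=failed'",
    "type=USER_AUTH msg=audit(1569432903.250:14671): pid=12411 uid=0 auid=4294967295 ses=4294967295 msg='op=password acct=\"demo\" exe=\"/usr/sbin/sshd\" hostname=? addr=192.0.2.10 terminal=ssh res=success'",
]

if __name__ == "__main__":
    for r in unresolved_failures(SAMPLE):
        print(r["time"].isoformat(), r["op"], r["acct"], r["addr"], r["res"])
```

On the sample, only the record from the question is reported: sshd on the target rejected public-key authentication for account "usr" from the relay's address, and nothing from that pid succeeded afterwards.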
