# Ssh Login Rejected : authentication error for illegal user



## mrfontana (Feb 6, 2009)

Hello all, I am having a problem with the lastest production release(7.1). When logging in through ssh, I am able to do it for the first few times, but then after that, my login keeps getting rejected with this error.


```
sshd[852]:error:pam:authentication error for illegal user
```

I have added AllowUsers with the correct user to the sshd_config files and restarted the server several times, yet my login is still being rejected. Any ideas as to what could be causing this?


----------



## graudeejs (Feb 6, 2009)

Have you changed default password encryption algorithm (/etc/auth.conf and /etc/login.conf) recently? (i had some problems with pam in past, i think it was due to my hardening, but i'm not sure)


----
I use public key authentication... works great btw.
http://forums.freebsd.org/showthread.php?t=1508


----------



## mrfontana (Feb 6, 2009)

Nope, everything is default from a fresh install. It worked once or twice, then it just stopped


----------



## anomie (Feb 6, 2009)

mrfontana said:
			
		

> When logging in through ssh, I am able to do it for the first few times, but then after that, my login keeps getting rejected with this error.



Do you mean it worked following initial installation but then stopped working, and has not worked since? Or do you mean it works sporadically, but only for a few tries, and then it stops working for awhile? 



			
				mrfontana said:
			
		

> ```
> sshd[852]:error:pam:authentication error for illegal user
> ```



Is that the entire message from auth.log? What user are you trying to log in as? What sort of client software are you using?


----------



## mrfontana (Feb 6, 2009)

I logged in like 3 times since the install, then it started and still does deny my login with the response to my client "Access Denied". I am using Putty as my client. The exact message I am getting from the auth.log is:


```
Invalid user bob from 192.168.1.50
error:PAM:authentication for illegal-user bob from windows-machine-name
Failed keyboard-interactive/pam for invalid user from 192.168.1.50 port 2982 ssh2
```

bob is the user I am trying to login with. It's a member of wheel if that helps.


----------



## anomie (Feb 6, 2009)

I'd be curious to see the output from a couple commands: 

*# egrep -i 'allow|deny' /etc/ssh/sshd_config*

*# grep 'bob' /etc/passwd*

(I am also assuming you've reloaded or restarted sshd following and config file changes.)


----------



## johnblue (Feb 6, 2009)

anomie said:
			
		

> I'd be curious to see the output from a couple commands:


Agreed.  An invalid user is an invalid user.  Here are some SSH hammer attempts from my auth.log:
	
	



```
Feb  5 21:41:27 Invalid user james from 208.96.162.136
Feb  5 21:41:28 Invalid user austin from 208.96.162.136
Feb  5 21:41:29 Invalid user jackson from 208.96.162.136
Feb  5 21:41:30 Invalid user justin from 208.96.162.136
Feb  5 21:41:31 Invalid user brandon from 208.96.162.136
Feb  5 21:41:32 Invalid user john from 208.96.162.136
```


----------



## mrfontana (Feb 6, 2009)

Absolutely right. I ran the command and found out the user was bob1 and I had added bob to the AllowUsers. Thanks for the help and sorry for wasting everyone's time with my noob mistake.


----------



## graudeejs (Feb 6, 2009)

small things make big difference


----------



## johnblue (Feb 7, 2009)

mrfontana said:
			
		

> Thanks for the help and sorry for wasting everyone's time with my noob mistake.


I think most normal people associated with BSD are here to help and so no apologies are needed, but ya need to give props to anomie for helping ya with those grep statements.


----------



## mrfontana (Feb 7, 2009)

Yeah, big thanks to Anomie, those statements wrapped it up pretty quick. Great work. I am going to still checkout that guide for using keys, thanks to killasmurf86 as well.


----------



## malsaie (Feb 12, 2012)

[ Warning: bad and unsafe advice follows. -- Mod. ]

*T*o enable SSH on FreeBSD

`# vi /etc/ssh/sshd_config`


```
PermitRootLogin no----> yes
```

`:wq`

`# /etc/rc.d/sshd restart`


----------



## kpa (Feb 12, 2012)

1) You're replying to a 3 year old thread

2) Your advice is dangerous unless your network is properly isolated from the hostile internet, do not enable ssh root login unless there's a good reason to.


----------



## tux2bsd (Apr 18, 2021)

This thread is the top result on Google when searching for FreeBSD & "error: PAM: Authentication error for illegal user"

That error is also reported if the user's shell has been removed from the system but the user attempts to ssh to the host ( resolved by reinstalling that users shell on the host, or altering their shell to an alternate that is installed ).


----------

