I need to allow domain users (userid and password) access to a Centos 7 server, as well as local users (SSH key/passwordless).
I have configured sshd_config with both AllowUsers and AllowGroups and assumed that if I added the local user to those it should work.
However, I'm getting an error when local users try and login:
sshd[23906]: pam_sss(sshd:account): Access denied for user datahub_push: 10 (User not known to the underlying authentication module)
sshd[23906]: fatal: Access denied for user datahub_push by PAM account configuration [preauth]
The domain users work just fine and have an entry under AllowGroups in sshd_config.
After some googling there is a suggestion that I need to modify:
/etc/pam.d/sshd
…but I'm not sure of what to change and whether editing that file is best practice? i.e. should I use the authconfig tool instead.
Any help hugely appreciated.
Best Answer
I fixed it myself! I added the following line to
After a restart to sshd I am now able to login as a domain user and a local user. Here's the full, working file:
Hope this helps someone else :)