SSH – Fix Wrong Locale Settings

localizationpamputtyssh

I have a debian server with locales set to hu_HU.UTF-8, and if i log in trough console it works perfectly in hungarian. It also worked with ssh logins until i disabled PAM in the sshd config. Since then when i log in trough ssh the locales are set to POSIX.

I tried to comment the AcceptEnv LANG LC_* line in sshd_config but the problem still exits.
I'm connecting with Putty with UTF-8 character set.

So how can i fix this?

Best Answer

PuTTY doesn't set LANG

The locale you have set in PuTTY is completely decoupled from the environment variables on the system. To quote its documentation:

Unfortunately, there is no satisfactory mechanism for PuTTY and the server to communicate this information, so it must usually be manually configured.

Before PuTTY changed the default character encoding to UTF-8, it was an extremely common scenario for the OS to have settings defaulting to a UTF-8 enabled locale (typically en_US.UTF-8) with PuTTY misinterpreting that by its own ISO-8859-1:1998 default.

PAM is more than just authentication

More than likely you've turned UsePAM to no, not realizing that this turns off far more than just PAM authentication. The operative words from the sshd_config manpage are:

Enables the Pluggable Authentication Module interface. If set to “yes” this will enable PAM authentication using ChallengeResponseAuthentication and PasswordAuthentication in addition to PAM account and session module processing for all authentication types.

Your console logins are still invoking PAM modules associated with the account and session facilities, but your SSH logins are no longer doing so. I recommend that you re-enable PAM. At this point you can disable PasswordAuthentication and ChallengeResponseAuthentication if your goal is to require key based authentication. (which has always bypassed PAM's auth facility)

Related Solutions

SSH Tunnel using PuTTY no longer works after server change

At rwired's request, I'm reposting my previous comment as an answer, which was:

Can the remote Linux server establish outbound connections to TCP port 80? For instance, if you "telnet www.google.com 80" from the server, do you get "Connection established"? Or does it just hang?

The intended implication was that something is blocking the outbound connection, which rwired discovered was indeed the case.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.