The above dumps are from /var/log/auth.log on the server. Below are the dumps on the client. Just putting the relevant part of the dump that differs
Successful login
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Unsuccessful login
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
Connection to www.codelearn.org closed by remote host.
Connection to www.codelearn.org closed.
Transferred: sent 2488, received 1472 bytes, in 0.8 seconds
Bytes per second: sent 3043.4, received 1800.6
debug1: Exit status -1
OS : Ubuntu precise 12.04
Openssh server: OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
SSH client: does not matter as I have tried from ubuntu as well as Mac & behavior is the same.
Update 2:
Btw - this is not a problem with PAM as such as I can do su user_3000 & the new user logs in & gets a PTY too.
Also doing ssh without asking for PTY ssh -T user_3000@www.codelearn.org logs the user in. But it stops post login & no prompt appears. Probably that is because no prompt was asked for the at the first place.
Решение 2
So turns out this was a problem with /etc/security/limits.conf for the users.
I am guessing that PAM tries to authenticate by looking at /etc/passwd file as the user. The limits have a field fsize which was set to 1000 . If the user appeared earlier in /etc/passwd - PAM would be able to find & authenticate. If he appeared later, fsize limit might have reached & PAM quits.
Changing fsize from 1000 to 2000 fixed the problem.
Другие советы
Have you checked your sshd_config to ensure no maxing out issues are occurring?
Lookout for
ClientAliveCountMaxMaxSessionsMaxStartups
Specifically MaxSessions since your unsuccessful login message lists a bunch of open connections as the reason. Increase the number and check the behavior.