I've got a Linux virtual machine with multiple accounts that can use SSH and SFTP without any issues. However, I recently set up a new account and it's having trouble connecting through either protocol. When I try to SFTP with FileZilla, I get a "Could not connect to server" error after entering my credentials. If I attempt to SSH via the command line, I receive a message saying "Connection to ***IP.Address*** closed by remote host".
I've gone through several configuration files:
- ***/etc/ssh/sshd_config*** does not have any ***"AllowUsers"*** or ***"AllowGroups"*** specified, so I thought that would allow all users.
- I also checked ***/etc/ssh/sshd_config.d*** and found nothing there.
- In ***/etc/pam.d/sshd*** and ***/etc/security/access.conf***, I didn't see anything related to access restrictions.
I found some ***"Match"*** statements in ***/etc/ssh/sshd_config*** that adjust the ChrootDirectory and restrict SFTP (using ***ForceCommand internal-sftp***), and it looks like those apply to a group. Once I added my new user to that group, SFTP connections started working. Yet, I'm puzzled about where this group is permitted SSH access, given that the ***sshd_config*** doesn't have an ***AllowGroups*** line. I want to identify where else to configure SSH access, so I can add the new user individually instead of relying solely on group membership.
5 Answers
You might want to run `uname -a` to check the distro details and how SSH is configured. Each distribution can handle things a bit differently, so knowing which one you're on can help in finding the settings you need to check.
If your new user's password authentication is getting denied, it could be due to SSH settings disallowing password connections. You might want to check the OpenSSH logs using `journalctl -xeu sshd` for any relevant messages. Also, verify if the default shell for new users is set to ***false*** or ***nologin*** in ***/etc/adduser.conf***.
Don’t forget to check the user-specific SSH config in ***~/.ssh/config***. There might be settings there that are affecting the connection for your new user that you might not have considered yet.
Have you checked ***/etc/group***? Ensure the group that your new user belongs to doesn’t have a ***nologin*** shell configured, which could prevent SSH access. It’s worth a look to make sure nothing's blocking the connection from that end.
I looked at the groups. The one that corresponds to my new user and the admin group providing SSH access doesn’t show any ***nologin*** issues, so that doesn’t seem to be the problem.
Make sure that the user has a valid login shell. If it’s set to something like ***nologin*** or ***false***, that would prevent SSH connections from working properly. Double-check that in the user’s settings.
Password authentication is allowed. When my new user is added to the specific group in the ***Match*** block, SSH works. I just can’t figure out where that group is granted SSH/SFTP rights when I can’t find it in ***sshd_config***.