Subscribe

Login over SSH - missing required capability

Hello,

 

On one of our systems (FAS2040, DOT 8.1.3) we started to get errors about missing 'login-ssh' capability. Even if we create new user with administrative privileges we can't connect over SSH. Only 'root' and 'administrator' users are capable of connecting to system.

 

Here is overview of one of users with which we have problems:

 

User:

Name: splunkuser
Info:
Rid: 131081
Groups: Administrators

 

Group:

Name: Administrators
Info: Members can fully administer the filer
Rid: 544
Roles: root,admin

 

Roles:

Name:    admin
Info:    Default role for administrator privileges.
Allowed Capabilities: login-*,cli-*,api-*,security-*

 

 

Any ideas what could be problem? I tried to manually add 'login-ssh' role to this and other users, but it is the same. I also tried creating new user, but we hit same issue.

 

On partner node there is the same configuration of users, groups and roles and everything is working ok.

 

 

Best Regards,

Rozle

 

 

Re: Login over SSH - missing required capability

First, login directly to the filer and then try SSH from the unix host.

Re: Login over SSH - missing required capability

It is the same - looks like it doesn't even recognize password. I am 100% sure password entered was correct, because I changed it with 'passwd' 10s before:

 

[xxx: sshd_2:info]: Failed password for splunkuser from xxxxxxxxxxx port 60446ssh2

 

And when we have login with key, we got:

 

[xxx:useradminx.unauthorized.user:warning]: User 'splunkuser' denied access - missing required capability: 'login-ssh'

 

 

Re: Login over SSH - missing required capability

Your splunkuser role is messed up... 

 

You need to follow the splunk document for the app for splunk to make sure that you give it the rights perms for the app to work properly.