Hi Team,
We have a bunch of HP-UX servers and we are using check_by_ssh commands (using public-private key methodology). We are running a few custom scripts (plugins) to gather metrics, and often on a few servers we get UNKNOWN errors. When we look at the details, we notice the errors below:
"Access is denied by the AUTH_MAXTRIES attribute in security(4).Authentication failed."
Is this a familiar error? Any guidance on the cause and fix would be really appreciated.
--Vamsi
HP-UX OS Servers using Remote SSH method gives errors UNKNOWN
-
veeravamsi
- Posts: 146
- Joined: Wed Jan 23, 2019 3:35 am
-
veeravamsi
- Posts: 146
- Joined: Wed Jan 23, 2019 3:35 am
Re: HP-UX OS Servers using Remote SSH method gives errorsUNK
And one of the custom plugin scripts takes more than 30 seconds to return the response (which is expected), so I have added timeout=60 to that. But would this cause any issues? Meaning, would multiple connections to the same server using SSH cause any conflict?
Re: HP-UX OS Servers using Remote SSH method gives errorsUNK
That really depends on how your HP-UX systems' SSH daemons are configured, but that doesn't really seem like the problem.
Here's what it says about AUTH_MAXTRIES:

> AUTH_MAXTRIES
> This attribute controls whether an account is locked after too many consecutive authentication failures. It does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec(5). Other PAM service modules in your configuration may enforce additional restrictions. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). When an account has been locked due to too many authentication failures, root can unlock the account by this command:
>
>     userdbset -d -u username auth_failures
>
> AUTH_MAXTRIES=0  Any number of authentication retries is allowed.
> AUTH_MAXTRIES=N  An account is locked after N+1 consecutive authentication failures. N can be any positive integer.
> Default value: AUTH_MAXTRIES=0

Taken from here:
https://docstore.mik.ua/manuals/hp-ux/en/B2355-60130/security.4.html

So that means it had to have failed to authenticate enough times that AUTH_MAXTRIES was hit.
We would need to know why it was failing to auth, what do the security logs say?
NOTE: We are not HP-UX admins here and we do not have access to HP-UX systems for testing.
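
The lockout rule quoted above from security(4), modelled in Python as an added example (not part of any post in this thread, and not HP-UX or Nagios code). It replays a list of authentication results to show where an account locks. Assumptions: the file is read as KEY=value lines with `#` comment lines, the per-user override from /var/adm/userdb is represented by a plain dict, a successful authentication resets the failure count (reading "consecutive" literally), and the user names and events are constructed samples.

```python
# Added example: models the AUTH_MAXTRIES rule quoted from security(4).
# Config text, user names and events below are constructed samples.
SAMPLE_SECURITY = """\
# constructed sample in the style of /etc/default/security
AUTH_MAXTRIES=3
"""

def parse_maxtries(text):
    """Return the system-wide AUTH_MAXTRIES from KEY=value text.
    The documented default is 0 (any number of retries allowed)."""
    value = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, val = (part.strip() for part in line.split("=", 1))
        if key == "AUTH_MAXTRIES" and val.isdigit():
            value = int(val)
    return value

def replay(events, system_maxtries, per_user=None):
    """events: list of (user, succeeded). Returns {user: index of the
    event at which the account became locked}."""
    per_user = per_user or {}          # stand-in for per-user userdb values
    failures, locked_at = {}, {}
    for i, (user, ok) in enumerate(events):
        if user in locked_at:
            continue                   # stays locked until root clears it
        limit = per_user.get(user, system_maxtries)
        if ok:
            failures[user] = 0         # only consecutive failures count
            continue
        failures[user] = failures.get(user, 0) + 1
        # AUTH_MAXTRIES=N locks after N+1 consecutive failures; 0 never locks
        if limit > 0 and failures[user] > limit:
            locked_at[user] = i
    return locked_at

# Constructed events: two failures, one success, then four failures for
# "nagios"; ten failures for "batch", which has a per-user value of 0.
EVENTS = ([("nagios", False)] * 2 + [("nagios", True)]
          + [("nagios", False)] * 4 + [("batch", False)] * 10)

if __name__ == "__main__":
    limit = parse_maxtries(SAMPLE_SECURITY)
    print(replay(EVENTS, limit, per_user={"batch": 0}))
```

With AUTH_MAXTRIES=3 the sample account locks on the fourth consecutive failure, not the third, and the earlier two failures do not count because a success came between them.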
-
veeravamsi
- Posts: 146
- Joined: Wed Jan 23, 2019 3:35 am
Re: HP-UX OS Servers using Remote SSH method gives errorsUNK
Sure. Thanks for looking at this and giving a lead. I will ask my HP Admins to look at security logs.
You can close this thread!!
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
Re: HP-UX OS Servers using Remote SSH method gives errorsUNK
Great!

veeravamsi wrote:
> Sure. Thanks for looking at this and giving a lead. I will ask my HP Admins to look at security logs.
> You can close this thread!!

Locking