ssh fatal: Access denied for user by PAM account configuration [preauth]

Image of Mattias Geniar

Mattias Geniar, April 01, 2016

Follow me on Twitter as @mattiasgeniar

This was an interesting issue I encountered on a Linux machine. I renamed a user in /etc/passwd, but forgot to rename its entry in /etc/shadow.

The result was that every login attempt ended up logging the following and immediately closing the SSH connection for the user.

sshd[22715]: fatal: Access denied for user username by PAM account configuration [preauth]
sshd[22723]: fatal: Access denied for user username by PAM account configuration [preauth]
sshd[23144]: fatal: Access denied for user username by PAM account configuration [preauth]

So a reminder to myself: if you rename a user in /etc/passwd, also rename it in /etc/shadow.

If you encounter this error too, check if the user that’s trying to log in has a shadow-entry. It doesn’t need a password, but it needs a corresponding entry in /etc/shadow.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.