Ubuntu Security :: GKSU Terminates After 1 Incorrect Password Attempt
Nov 19, 2010
Just like the title says, if I were to try to run anything through gksu and accidentally put in an incorrect password, instead of the gksu window coming up again, it would just terminate.
I think this started just lately.gksu refuses to authenticate me; it just tells me my password is incorrect.sudo and gksudo both work fine. This is no problem if what I want is in the menu, because I can just change gksu to gksudo, but some functions, like the Check button in Update Manager,
I've never observed this problem neither did any of my colleagues trying to SSH into the same system. If I try logging into my server using a wrong username and then press ^C to terminate or exhaust my password attempts, I am locked out for at least an hour. Is there something I can do on my end to fix this problem?
I'd like to be able to run gksu (i.e. the default windowed authentication) without a password. I tried to find this on the wiki and here on the forums but wasn't able to find anything. I've allowed 'sudo' to run without a password:
Code: <username> ALL=NOPASSWD: ALL
for my username but this has no effect on 'gksu'. As I am the only user on my machine and I have to enter a password on login
I have this issue on both Ubuntu and Lubuntu 11.04 64-bit on 2 different machines. I have not tested 32-bit.
When I run synaptic or update-manager it presents me with gksu, not gksudo as it previously did in previous Ubuntu releases, no matter how many times I try it will not accept my password.
I have even given it command line arguments to print the password to the terminal and it's correct.
I have found a workaround - by running gksu-properties and changing the mode from su to sudo it will now display gksudo and accept my password.
However, I want to know why it won't accept my sudo password for the su and gksu commands? There are no error messages which are outputted, the gui just says incorrect password.
How to fix the problem that is happening with gksu. It prompts me for the administrative password. I don't (for advised security reasons) have a password associated with the root account.
The sudo works fine and accepts my sudo password. Gksu fails with "incorect password... try again." error.
This is a new install of the Ubuntu Server 10.10 x64 Maverick edition.
I'm trying to install the driver for my Lexmark prospect Pro-205 printer which I downloaded from the Lexmark site but when I type in my administrater password it keeps saying wrong password while I know it's the right password!
So i have a fresh install of the server edition of Karmic, i'm running the Xfce desktop. When I attempt to manage users and groups through the GUI, I am prompted for what I think is the root password, the reason I say this is because the account I am currently logged in has sudo privileges and it does not accept that password at all, but I read that by default the root account is 'locked,' (to be honest it was so long ago since I last installed Ubuntu I completely forgot if it is or isn't, my current desktop installation has su access) is it asking for the root password? why doesn't my current user account password work if the root account is 'locked'? I can perform all other administrative tasks with sudo no problem.
the funny thing is, I have the exact same setup in a virtual machine, the same problem happens, except for some strange reason after changing the password on the only account (besides root), the password required to administer users and groups stayed the same after the change. (at the time of installation I just put both the user and root password the same and now that it is setup), i'm now ready to change the passwords. except now I read that the root account is locked by default, but this strange problem occurs.
While investigating my localhost access logs during an investigation to resolve locking myself out of my own server(!) I noticed this recent access attempt from a proxy referrer. I wouldn't expect this on a local server - currently set to listen on 127.0.01. The request was 403 forbidden, but surely the request should not have even reached this far? Is this an example of an unauthorised access attempt? I don't think it is me because all of my usual access requests are in moz 5 and im logged in to linux currently.
Note please do not click this link as I do not know where it leads ^^^^! (and i dont know how to disable it on this forum)
Code: Select all:~$ su Password: #Typed user password su: Authentication failure ~$ su Password: #Typed root password su: Authentication failure :~$ sudo su
[Code] ....
The file does open but with a warning in red saying i could harm my system. Had almost got everything configured just as like it, tried adding a custom action (open as administrator) to Thunar and my house of cards collapsed around me.
Debian 8 xfce, single user account, passwords and user names are single characters so it's a given there's no typing error.
Code: Linux tmif3 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:29:47 EST 2005 x86_64 x86_64 x86_64 GNU/Linux I added a user useradd billy because I don't like being root. I changed the password using passwd billy all as normal. when I try to logon, ssh rsh I cannot. even as root with an su - yields the following..
I am trying to install a new printer and delete my old one. It keeps asking for my password, I enter the same one that I log on with. It keeps telling me that the password may be incorrect. To my knowledge, I only know the one that I log on with. Does anyone know what the heck this thing is talking about?
My root filesystem recently filled up. I finally established why - that my /media directory had filled up due to the USB-attached device having been unmounted for whatever reason, and SimpleBackup tried backing up without the mount in place - thereby filling up the filesystem.
I discovered that the root directory was full when the machine tried to get updates, and couldn't. So, I went into /media and tried to delete the backup directory and file(s) that were in that directory, but it tells me that permission is denied. So I try to SUDO the same command, and it tells me 3 times in a row, "Sorry, try again", followed by "sudo: 3 incorrect password attempts".
I installed Ubuntu Server 10.10 with the GUI on a spare box I had. This is my first experience with Ubuntu. I have never used Linux before this. The system works great and logging on is no problem. However I installed 2 applications, gparted and samba. When I go to open either application I enter my logon password and I am told that the password is not correct. I am the only user on this machine and went to the accounts setting and changed my account type from custom to administrator to no avail.
I formatted my drive and reinstalled the whole thing again and got all available updates also. I reinstalled gparted and samba a second time on the new install and I still am told that the password is incorrect again when opening thes apps. Is there a simple, easy to understand way for this first time Ubuntu 10.10 user to correct this. There must be a minor flaw in this OS that is denying me use of my apps.
I don't know how I've managed to mess this one up, but in the midst of securing my webserver (ie. changing default SSH port, add new user, disable root SSH) I seem to have broken su functionality....somehow.
When I ssh as my user "lockdown" I attempt to "su -" and immediately am prompted with "su: incorrect password"
Code: lockdown[ at ]bag [~]# su su: incorrect password lockdown[ at ]bag [~]#
I re-enabled root SSH login (via editing /etc/ssh/sshd_config) and I'm able to SSH as root no problem, however I can't su even from root to another user, getting the same behavior and error message..
Code: root[ at ]bag [~]# su lockdown su: incorrect password root[ at ]bag [~]# Here are my permissions for /bin/su ... Code: root[ at ]bag [/]# ls -l /bin/su -rwSr-xr-- 1 root wheel 28336 Feb 28 2010 /bin/su* My user "lockdown" is a member of the wheel group, and I haven't edit /etc/pam.d/su or system-auth at all.
I have set up a new account, with a user name of Benjamin.However, when running a sudo command, while logged in with the user name 'Benjamin', I receive an incorrect password error.Yes, I am entering the password for user name 'Benjamin' and not that of the root account.
Got latest version of ubuntu, installed skype and i keep logging in it keeps saying incorrect pw. than i made a new account and tried that, still incorrect pw?
After locking my GUI session, if I type my password incorrectly when I come to unlock it, the system often (not always) seems to hang for a long time, with the text "Checking..." displayed. The length of time can be many minutes.The system is not actually frozen - if I hit CTL+ALT+F6 I can log on to a console session, from which I can see a tty7 process (i.e. the GUI session) using the 'ps' command. Sometimes the only way I can recover is to kill this process, upon which a new GUI session starts up, but this is undesirable as I lose any open applications.
I keep getting hundreds of SSH failed logins per day. Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour?
A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code: CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0) CRON[2971]: pam_unix(cron:session): session closed for user root
I've been using checkgmail package on my f10 (x86_64) box for a while now without problems. But all of a sudden, I see a pop-up windowtating: incorrect username or password. No matter how many times I enter my usernamend password the window keeps coming back demanding for the same. My system is up to date and I've rebooted my system a few times, but the problem persists.
I just got a new laptop for work that dual boots with Windows 7 and Ubuntu 10.10.Normally, I can use an sslvpn connection to log onto my office servers to transfer data back and forth through Windows. However, I do my actual work on Linux, which the computing services department at the university where I work has not set up a sslvpn connection method for.I got the JRE set up on Linux and loaded up the sslvpn connection when I was asked for my sudo password. After following some other instructions, I created a different password to act as root.I entered that password over and over again and now I'm not able to attempt to connect again by trying another password.
Running Ubuntu 10.04 I noticed my hard disc rumbling for longer than normal and louder. Not doing anything demanding to cause hard disk activity like this so I was suspicious so I checked my process list with 'top' command in the console terminal. At the top was mount.ntfs running. Eventually it stopped running after 20 seconds or so. At the time I have not been accessing NTFS filesystems, but I do have them. I have a dual boot Ubuntu 10.04 and Windows 7. In Ubuntu I've mounted the Windows main C drive and on the same hard disk a partitioned drive for sharing files between the OSs. I know mount.ntfs is a standard program but was it being run on my machine, instigated externally here? Was the running of mount.ntfs an attempt from outside to hack into Ubuntu and the mounted Windows areas of my machine via a backdoor connection or vulnerability? I've restarted my machine since then. Are there any logs I can check for malicious attempts to break in?
I just did a fresh install of 10.10 and whenever I log on it request the password for default keyring (the same as sign in password) in previous versions of ubuntu it never asked and automatically started the wireless; now it asks and tells me the password is incorrect. I can hit cancel a numerous amount of times and it will eventually allow me to connect, but that doesn't seem like a good fix in my opinion. This also happened when I tried out lubuntu 10.04 which I promptly removed due to the menu style.
I am trying to setup 2-factor authentication for SSH with PAM. Its working well, but if the password is incorrect, it does not ask for validation code, but rather asks for the password again. Any way not to warn about an incorrect password?
