Environment
Red Hat Enterprise Linux 5
Issue
Unable to SSH from one host to the cPanel application server, although SSH from other hosts succeeds.
The destination server is running the cPanel application.
Resolution
strace showed the following behaviour:
31004 15:09:34.850700 socket(PF_FILE, SOCK_STREAM, 0) = 4 <0.000019>
31004 15:09:34.850763 connect(4, {sa_family=AF_FILE, path="/var/run/cphulkd.sock"...}, 110) = 0 <0.000087>
31004 15:09:34.901779 write(4, "PAM_AUTHENTICATE system teladmin 10.1.x.1 1 1430204974 0 0 \n", 63) = 63 <0.000075>
31004 15:09:34.901964 read(4, <unfinished ...>
31004 15:09:34.908777 <... read resumed> "580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED\n", 1024) = 56 <0.006750>
31004 15:09:34.911179 sendto(8, "<35>Apr 28 15:09:34 PAM-hulk[31004]: Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED\n", 123, MSG_NOSIGNAL, NULL, 0 <unfinished ...>
31004 15:09:34.952501 write(7, "\0\0\0\17\1", 5) = 5 <0.000098>
31004 15:09:34.952653 write(7, "\0\0\0\nPassword: ", 14 <unfinished ...>
31004 15:09:54.190399 write(7, "\0\0\0\33\7", 5) = 5 <0.000093>
31004 15:09:54.190544 write(7, "\0\0\0\26Authentication failure", 26) = 26 <0.000014>
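It was later discovered that the customer was using the third-party "pam_hulk.so" module, which appears to be blocking access. In the trace above, the request sent to /var/run/cphulkd.sock for the connecting IP is answered with "580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED", and the login then ends in "Authentication failure".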
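To confirm the same condition in a longer strace capture, the request/reply pairs on the cphulkd socket can be extracted automatically. This is an added example, not part of the original article; the function name is hypothetical and the meaning of the request fields (service, user, remote IP) is an assumption inferred from the trace.

```python
import re

# Sample input: the cphulkd-related lines copied from the strace output above.
SAMPLE = r'''31004 15:09:34.850763 connect(4, {sa_family=AF_FILE, path="/var/run/cphulkd.sock"...}, 110) = 0 <0.000087>
31004 15:09:34.901779 write(4, "PAM_AUTHENTICATE system teladmin 10.1.x.1 1 1430204974 0 0 \n", 63) = 63 <0.000075>
31004 15:09:34.901964 read(4, <unfinished ...>
31004 15:09:34.908777 <... read resumed> "580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED\n", 1024) = 56 <0.006750>
31004 15:09:54.190544 write(7, "\0\0\0\26Authentication failure", 26) = 26 <0.000014>'''

PREFIX = re.compile(r'^(\d+) (\S+) (.*)$')  # pid, timestamp, syscall text
CONNECT = re.compile(r'connect\((\d+), .*path="/var/run/cphulkd\.sock"')
WRITE = re.compile(r'write\((\d+), "(PAM_AUTHENTICATE [^"]*)"')
READ_START = re.compile(r'read\((\d+), <unfinished')
READ_DONE = re.compile(r'(?:read\((\d+), |<\.\.\. read resumed> )"(\d{3}) ([^"]*?)(?:\\n)?"')

def cphulk_exchanges(strace_text):
    """Return one dict per PAM_AUTHENTICATE request/reply pair seen on a cphulkd socket."""
    hulk_fds = set()    # (pid, fd) pairs connected to cphulkd.sock
    pending_read = {}   # pid -> fd of a read() that strace split across two lines
    requests = {}       # (pid, fd) -> request still waiting for its reply
    results = []
    for line in strace_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        pid, ts, call = m.groups()
        if (c := CONNECT.search(call)):
            hulk_fds.add((pid, c.group(1)))
        elif (w := WRITE.match(call)) and (pid, w.group(1)) in hulk_fds:
            fields = w.group(2).split()
            # Assumption: tokens 2-4 are service, user and remote IP (inferred from the trace).
            requests[(pid, w.group(1))] = dict(zip(("service", "user", "ip"), fields[1:4]), time=ts)
        elif (s := READ_START.match(call)):
            pending_read[pid] = s.group(1)
        elif (r := READ_DONE.match(call)):
            fd = r.group(1) or pending_read.pop(pid, None)
            req = requests.pop((pid, fd), None)
            if req:
                results.append({**req, "code": r.group(2), "reply": r.group(3)})
    return results

if __name__ == "__main__":
    for ex in cphulk_exchanges(SAMPLE):
        print(f'{ex["time"]} user={ex["user"]} ip={ex["ip"]} -> {ex["code"]} {ex["reply"]}')
```

The parser expects output in the same layout as the trace above: a PID, a timestamp, then the syscall.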