How to Fix SSH Access Denied for New User (codeuser) While Existing User (admin) Works in Ubuntu 10


When examining the /etc/passwd file, we notice some interesting details about the user setup:

root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/bash
admin:x:1000:1000:,,,:/home/admin:/bin/bash
ftp:x:107:65534::/home/ftp:/bin/false
codeuser:x:1004:33::/home/codeuser:/bin/bash

The key observations here are:

  • codeuser is assigned to group ID 33 (www-data group)
  • The home directory is properly set to /home/codeuser
  • A valid shell (/bin/bash) is assigned

The most common reason for this behavior is SSH server configuration. Let's examine the relevant settings:

sudo nano /etc/ssh/sshd_config

Look for these critical directives:

# Example of problematic settings that might block codeuser
AllowUsers admin
DenyUsers codeuser
AllowGroups www-data

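If you find any restrictive settings, modify them to include codeuser, and remove codeuser from any DenyUsers line, because a DenyUsers match overrides the allow directives: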

AllowUsers admin codeuser
# Or alternatively:
AllowGroups www-data sudo
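
The directive logic above, as an added example that is not part of the original page: a shell function that applies sshd's evaluation order (DenyUsers, AllowUsers, DenyGroups, AllowGroups) to one account. It assumes plain names only, no Match blocks, and that admin's primary group is named admin (the page does not show it); the sample config is constructed from the restrictive directives shown earlier.

```shell
# Added example (not from the original page): evaluate sshd's allow/deny directives
# for one account. Assumes plain names (no wildcards, no user@host) and no Match blocks.

# directive_values FILE KEYWORD: print every value given for KEYWORD.
# Keywords are case-insensitive and repeated lines accumulate.
directive_values() {
    awk -v kw="$2" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1"
}

# in_list WORD ITEM...: succeed if WORD equals one of the ITEMs.
in_list() {
    needle=$1; shift
    for item in "$@"; do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# ssh_acl_verdict FILE USER "GROUP...": print "allowed" or "denied: <directive>".
ssh_acl_verdict() {
    conf=$1; acct=$2; grps=$3
    deny_users=$(directive_values "$conf" DenyUsers)
    allow_users=$(directive_values "$conf" AllowUsers)
    deny_groups=$(directive_values "$conf" DenyGroups)
    allow_groups=$(directive_values "$conf" AllowGroups)
    # 1. A DenyUsers match always wins.
    if in_list "$acct" $deny_users; then echo "denied: DenyUsers"; return 1; fi
    # 2. If AllowUsers is set, the account must be listed in it.
    if [ -n "$allow_users" ] && ! in_list "$acct" $allow_users; then
        echo "denied: AllowUsers"; return 1
    fi
    # 3. Membership in any DenyGroups group is a denial.
    for g in $grps; do
        if in_list "$g" $deny_groups; then echo "denied: DenyGroups"; return 1; fi
    done
    # 4. If AllowGroups is set, at least one of the account's groups must match.
    [ -z "$allow_groups" ] && { echo "allowed"; return 0; }
    for g in $grps; do
        if in_list "$g" $allow_groups; then echo "allowed"; return 0; fi
    done
    echo "denied: AllowGroups"; return 1
}

# Constructed sample: the restrictive directives shown above, in one file.
sample=$(mktemp)
printf '%s\n' 'AllowUsers admin' 'DenyUsers codeuser' 'AllowGroups www-data' > "$sample"
printf 'admin -> ';    ssh_acl_verdict "$sample" admin admin || true        # group "admin" is assumed
printf 'codeuser -> '; ssh_acl_verdict "$sample" codeuser www-data || true  # GID 33 per /etc/passwd
rm -f "$sample"
```

Run against the restrictive sample, both accounts are refused: codeuser by DenyUsers, and admin by AllowGroups, since an account has to pass every directive that is set.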

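SSH requires proper permissions on the user's home directory. With StrictModes enabled (the default), sshd ignores authorized_keys when the home directory or ~/.ssh is writable by group or others. Let's verify: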

ls -ld /home/codeuser
# Should show:
# drwxr-xr-x 6 codeuser www-data 4096 Feb 20 14:30 /home/codeuser

If permissions are incorrect, fix them with:

sudo chown -R codeuser:www-data /home/codeuser
sudo chmod 755 /home/codeuser

Ubuntu 10 might have different default authentication settings. Check if password authentication is enabled:

# In /etc/ssh/sshd_config
PasswordAuthentication yes
# Then restart SSH:
sudo service ssh restart

Although Ubuntu doesn't typically use SELinux, it's worth checking if AppArmor is interfering:

sudo aa-status
# If codeuser is being denied, check logs:
sudo grep codeuser /var/log/auth.log

When testing the connection, use verbose mode to identify exactly where it fails:

ssh -vvv codeuser@yourserver.com
# Look for specific failure points in the output

Sometimes the SSH environment isn't properly initialized. Let's ensure all necessary files exist:

sudo mkdir -p /home/codeuser/.ssh
sudo touch /home/codeuser/.ssh/authorized_keys
sudo chown -R codeuser:www-data /home/codeuser/.ssh
sudo chmod 700 /home/codeuser/.ssh
sudo chmod 600 /home/codeuser/.ssh/authorized_keys

When attempting to SSH directly as codeuser on an Ubuntu 10.04 server, the connection fails despite:

  • Successful authentication through admin user first
  • Working su transition to codeuser
  • Proper shell assignment in /etc/passwd

Let's examine the critical system configurations:

# Current /etc/passwd entries
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/bash
admin:x:1000:1000:,,,:/home/admin:/bin/bash
ftp:x:107:65534::/home/ftp:/bin/false
codeuser:x:1004:33::/home/codeuser:/bin/bash

# Current /etc/group entries
root:x:0:
www-data:x:33:
codeuser:x:1005:

Several factors could prevent direct SSH access:

# 1. Check home directory permissions
ls -ld /home/codeuser

# 2. Verify SSH authentication methods
grep -i "PasswordAuthentication" /etc/ssh/sshd_config

# 3. Test PAM configuration
grep -v "^#" /etc/pam.d/sshd

Here's the step-by-step resolution process:

# Step 1: Ensure proper home directory exists
sudo mkdir -p /home/codeuser
sudo chown codeuser:www-data /home/codeuser
sudo chmod 755 /home/codeuser

# Step 2: Set the user's primary GID to the www-data group (33)
sudo usermod -g 33 codeuser

# Step 3: Copy SSH authorized_keys if migrating access
# (every key that can log in as admin will then also log in as codeuser)
sudo mkdir -p /home/codeuser/.ssh
sudo cp /home/admin/.ssh/authorized_keys /home/codeuser/.ssh/
sudo chown -R codeuser:www-data /home/codeuser/.ssh
sudo chmod 700 /home/codeuser/.ssh
sudo chmod 600 /home/codeuser/.ssh/authorized_keys

# Step 4: Verify PAM settings
sudo nano /etc/pam.d/sshd

For persistent issues, try these diagnostic commands:

# Run SSH server in debug mode (foreground, handles one connection, separate port 2222)
sudo /usr/sbin/sshd -d -p 2222

# Check auth logs in real-time
sudo tail -f /var/log/auth.log

# Test SSH connectivity with verbose output (add -p 2222 to reach the debug instance above)
ssh -vvv codeuser@yourserver.com

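While fixing access, maintain security. Set PasswordAuthentication to no only after key-based login has been confirmed for every account that still needs access:

# Recommended sshd_config settings: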
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers admin codeuser