When encountering the "PTY allocation request failed on channel 0" error during SSH authentication, it typically indicates a problem with pseudo-terminal (PTY) allocation despite successful authentication. The debug output shows:
debug1: Authentication succeeded (password).
debug2: channel 0: request pty-req confirm 1
PTY allocation request failed on channel 0
debug2: shell request accepted on channel 0
While many online solutions focus on /dev/pts mount issues or Git-related problems, our case presents different characteristics:
- /dev/pts is properly mounted (confirmed via mount command)
- No Git operations involved (bare server environment)
- Affects multiple users (rules out individual ~/.ssh/config issues)
Try these diagnostic commands on the server:
# Check PTY device permissions
ls -la /dev/pts
# Verify kernel parameters
sysctl kernel.pty.max
sysctl kernel.pty.nr
# Check resource limits
ulimit -a
# Test PTY allocation directly
python -c "import pty; pty.spawn('/bin/bash')"
Option 1: Force PTY allocation in ssh_config:
Host *
RequestTTY force
Option 2: Disable PTY when not needed:
ssh -T user@host # For non-interactive sessions
Investigate potential kernel issues with:
# Check for relevant kernel messages
dmesg | grep -i pty
dmesg | grep -i tty
# Verify kernel modules
lsmod | grep pty
If immediate resolution isn't possible, consider these workarounds:
# Use SSH in command mode
ssh user@host "your_command"
# Try mosh for persistent connections
mosh user@host
# Test with different SSH implementations
dropbear -p 22 user@host
Verify critical system directories:
# Check devpts filesystem
mount | grep devpts
# Verify device files
ls -l /dev/ptmx
ls -l /dev/tty*
# Test device creation
test -c /dev/ptmx && echo "OK" || echo "Failed"
When attempting SSH login, authentication succeeds but session establishment fails with:
PTY allocation request failed on channel 0
debug2: shell request accepted on channel 0The session then freezes despite successful authentication. Looking at debug output (-vv flag), we see the PTY allocation fails after environment variables are sent but before shell startup.
First, check basic system-level permissions:
# Verify devpts mount
mount | grep devpts
# Check ptmx permissions
ls -l /dev/ptmx
# Verify kernel config
grep CONFIG_DEVPTS_MULTIPLE_INSTANCES /boot/config-$(uname -r)Common culprits include:
- Incorrect /dev/pts permissions (should be 620)
- Missing devpts mount options (gid=5,mode=620)
- Exhausted pty resources (check /proc/sys/kernel/pty/max)
- Broken PAM modules or SELinux policies
When basic checks don't reveal the issue, try strace on both client and server:
# Client side
strace -f -o ssh_client.log ssh -vv user@host
# Server side (as root)
strace -f -p $(pgrep -f "sshd: user") -o sshd_server.logLook for failed ioctl() calls related to TIOCSWINSZ or TIOCSPTLCKG which indicate terminal control issues.
For temporary workarounds, try forcing different PTY modes:
# Attempt raw mode
ssh -T user@host
# Force no-PTY allocation
ssh -N user@host
# Specify alternative pty helper
ssh -o LocalCommand="/usr/libexec/openssh/sftp-server" user@hostIf the issue persists across reboots, consider kernel parameters:
# Increase pty maximums
echo 4096 > /proc/sys/kernel/pty/max
echo 1024 > /proc/sys/kernel/pty/nr
# Permanent solution (add to /etc/sysctl.conf)
kernel.pty.max = 4096
kernel.pty.nr = 1024Modify /etc/ssh/sshd_config with these experimental settings:
# Disable pam session (temporarily for testing)
UsePAM no
# Change subsystem path
Subsystem sftp /usr/lib/ssh/sftp-server -l INFO
# Force specific pty allocation method
PermitTTY yes
UsePrivilegeSeparation noRemember to restart sshd after changes: systemctl restart sshd
For environments where PTY allocation consistently fails, consider:
# Use SSH forced command in ~/.ssh/authorized_keys
command="/bin/bash --noprofile --norc" ssh-rsa AAAAB3...
# Configure in sshd_config
Match User problemuser
ForceCommand /usr/sbin/login_override.shWhere login_override.sh contains:
#!/bin/bash
# Minimal environment setup
export TERM=dumb
exec /bin/bash --noprofile --norc