Help! ssh to home desktop is listening but not accepting password
I have RedHat on a desktop machine at home and FC2 on my laptop. I'm currently out of town but need to work remotely on my desktop, so I configured ssh before I left -- I think all I did was tell my router to send port 22 to my desktop and run "service sshd start" on the desktop, and I recall adding my username to an authorized list somewhere, but I can't remember what file that was. (I've been a linux end user for years but have only recently installed it at home.)
Anyway, it was working fine until there was a power outage at home. Well, it was working except that I couldn't open forwarded X windows, but I was managing with just terminal access. My husband is home and restarted the computer and restarted sshd, but now although I can make a connection, I can't actually login, as it won't accept my password. I desperately need this to work and I feel completely blind since I can't see my home machine. My husband is a Windows man, but he can type commands for me ;) and is happy to help. Here's the content of verbose ssh from my remote machine: Code:
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f I'm really hoping someone can help me out here... I have some work that I need to get done in the next few days that's crucial, and my home desktop is the only machine I have access to that has the HD space, RAM, and CPU power to get it done. Thanks in advance! |
Update:
I'm not sure if I mentioned this, but I'm running FC2. Also, I checked my /etc/ssh/sshd_config and everything looks fine to me... I then tried using synaptic to uninstall and re-install openssh-server and synaptic hung on the removal. Anyone have any ideas? |
Sorry... one more update; /var/log/messages shows the following:
Code:
Dec 31 20:17:32 localhost su(pam_unix)[2105]: session opened for user root by username(uid=500) Also, here's my /etc/ssh/sshd_config file: Code:
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ |
Sorry for taking so long to reply, but it's been a while since I used RedHat. But I had a copy of FC2 installed on another partition, so thought I'd reboot and have a look. Took me about an hour, but I got there.
It's the 'AllowUsers' and 'AllowGroups' bits in the sshd_config on your home machine. Remove them - they're not necessary unless you want only those users or groups to log in. My setup fails with exactly the errors reported by you. Once you've confirmed that works, we can get X Forwarding working so that you can see your machine... it'll be slow, though. |
Of course, I'm being a bit presumptuous... try it first. ;)
My setup failed when I had the wrong group in the file... and the fact that it had worked for you in the past suggests there could be problems in /etc/group or something... but let's look for the simple solution to begin with. |
Oh my gosh -- you RULE. That worked like a charm! Thank you. :)
Not that I understand why it worked before and didn't after the reboot, but I'm not complainin'. I set up the AllowUsers thing because I only want to login as that one user. I actually only have that user, root, and one other user. That third username, though, is a default username that comes with one of the programs I use, so it seems like something someone might use if they wanted to hack my machine and knew I had that software. I'm sure I can fix it so that that user can't login, though. In terms of the Xwindows stuff, here's the message I get when I try to open emacs remotely: Code:
_X11TransSocketINETConnect: Can't get address for localhost I then tried the old trick I used to use a few years ago -- manually setting the DISPLAY variable and using xhost +myip.x.x.x etc. That didn't work either; and in fact the computer seemed to hang on the xhost + command. I don't know if it's relevant, but both my home desktop and this laptop are going through a router; I have the ssh port open but not many others on the home desktop, and I don't believe my parents (I'm home for the holidays) have any ports open on this end. |
Oh good. :) Root logins are disabled in your setup - that's a good thing. Check the other user's login shell in /etc/passwd - change it to /bin/false, and no-one can log in with it. Hope it won't upset your other program, though. If you really must allow only one user, you only need to use the 'AllowUsers' thing, not the AllowGroups. To clarify what I said earlier (again); I had the correct username after AllowUsers, but the wrong group name, and it failed. Check that you actually are in the group 'users'.
With that out the way, let's just check that you're using the -X flag to ssh... Code:
ssh -X username@host |
Oh, even easier; there's a 'DenyUsers' option you can use... but anyway, I digress. Carry on.
|
Tim Retout? I was wondering maybe if you could have a look at mine.. I have the same situation, except that even with the specified users in the sshd_config, they cannot connect. I posted here. Please take a look if you have the time, I would really appreciate it, if you would :)
Thanks. |
No problem... done, hopefully.
|
Whoa -- I swear to you that ssh -X user@host did NOT work before! But it works now! That's so strange... I don't know why that would happen, but again, no complaints here. :)
So if I add the line "DenyUsers badusername" to my sshd_config file, that'll cover it? I'll try that when I get back home. You're a dream for being so helpful and patient. Thank you so much! |
All times are GMT -5. The time now is 05:43 PM. |