Unable to ssh as root
Hi all, I have installed Fedora 20 and I am unable login as root remotly using ssh. It gives an error as below "
Permission denied, please try again." I have set the PermitRootLogin to yes, dropped the firewall and disabled selinux. Nothing seems to work :( Thanks and Regards |
You do realise that's a really bad idea?
Anyway, assuming you insist on doing this, have you restarted the ssh daemon after the change? |
If you still face problem, comment the line
Quote:
|
Hi Guys, thanks for the reply, and this is a test environment that I am setting up for some RND and I ran in to this :) totally screw up! even I tried even with sentos 7 same thing same settings. But my lap is running Fedora 20 and all I had to do was disable selinux and in one Oracle linux 7 installation it had to be permissive, with out setting any of the above settings in sshd_conf.
I cant put my fingure on this, it seems every time it is some what deterrent setting got the things going. I am STUCK!! :( Thanks and Regards |
Quote:
the current is fedora 22 fedora 20 is END OF LIFE!!! -- it will NEVER!!! receive any security fixes --- DO NOT USE!!! --- Please install Fedora 22 ASAP!!! then see is ssh is working |
Quote:
The ssh client has options -v, -vv, -vvv, and so on (I don't know where it stops). Three v's are sufficient to give you a whole short story to analyse. On the server side, you can run sshd with -v as well if I remember correctly. You can also run additional sshd processes on ports other than 22. |
Hi I have upgraded OS to 22 and debugging gave me below info
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<veeam-server> user=root pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root" it seems there is somekind of a restriction on the uid (least it looks like), how do I go about fixing this Thanks and Regards |
Quote:
You can stop the ssh service on your machine, and run "/usr/sbin/sshd -D -d" to get some details. Could be a permissions issue, but as others have asked (but you didn't answer), did you restart sshd after changing the permitrootlogin value??? |
TB0ne, thank you for the reply and yes I have restered the service as well as the server it self and by enabling I I have only got what is written in to the secure log with some additional information that was nice and I only pasted what I though would be relevant for diagnosing
I am sorry if I have not answered acknowledge of your valuable time on helping me, but I though I have. I have been with you and this network for a quite a while and I do deeply appreciate you and this network :) which has provided me with much wanted help at time I was dead stuck as well as in some lame question that I might have asked. Thank you all!!!! As I have mentioned this is a test environment, and needed root level access to do some configuration and testing. But now it looks like there is some setting or some de or reconfiguration that we need to do to enable root level access from FC 20, Centos 7, redhat 7 and Oracle linux 7 (on the other hand all bistros are the same :) ). I've just got this installed needs to play with it and see if the same persist. But as per one of my colleague he has to set selinux to permissive for ssh as root to work. None of the good help did helped. Thanks you and best Regards |
You really should get used to working with security, instead of fighting it.
The problem you are opening up is allowing someone to brute force the root login... And getting used going directly in as root defeats several things: auditing for one. You no longer know WHO logged in as root. |
Quote:
|
Quote:
Want root access? Simple...log in as your regular user, type in "su - " or "sudo -s", and there you go. Simple. Works the same on any system. |
Thank you all for the replies appreciate all and sorry for the late reply! Guess I have to go with su -, but I really would like to know what stopping root from ssh in to a machine
Best Regards |
design? Good security practices? Take your pick.
Ssh has options to enable it, and strongly recommends against doing so. But if the security design of the system disallows it, then that won't allow it either. |
Thank you all for advice and help :)
Best Regards |
All times are GMT -5. The time now is 06:53 PM. |