Unable to ssh as root
 

Hi all, I have installed Fedora 20 and I am unable login as root remotly using ssh. It gives an error as below "

Permission denied, please try again."

I have set the PermitRootLogin to yes, dropped the firewall and disabled selinux. Nothing seems to work

:(

Thanks and Regards

You do realise that's a really bad idea?
Anyway, assuming you insist on doing this, have you restarted the ssh daemon after the change?

If you still face problem, comment the line
Restart ssh.

Hi Guys, thanks for the reply, and this is a test environment that I am setting up for some RND and I ran in to this :) totally screw up! even I tried even with sentos 7 same thing same settings. But my lap is running Fedora 20 and all I had to do was disable selinux and in one Oracle linux 7 installation it had to be permissive, with out setting any of the above settings in sshd_conf.

I cant put my fingure on this, it seems every time it is some what deterrent setting got the things going.


I am STUCK!! :(

Thanks and Regards

you should know by now that fedora only supports any one version for 13 months

the current is fedora 22
fedora 20 is END OF LIFE!!!
-- it will NEVER!!! receive any security fixes
--- DO NOT USE!!! ---

Please install Fedora 22 ASAP!!!

then see is ssh is working

You might consider logging. ssh features several levels of verbosity both on the client and the server side.
The ssh client has options -v, -vv, -vvv, and so on (I don't know where it stops). Three v's are sufficient to give you a whole short story to analyse.
On the server side, you can run sshd with -v as well if I remember correctly. You can also run additional sshd processes on ports other than 22.

Hi I have upgraded OS to 22 and debugging gave me below info

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<veeam-server> user=root
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

it seems there is somekind of a restriction on the uid (least it looks like), how do I go about fixing this

Thanks and Regards

Again, there is nothing to 'fix'...this is disabled FOR GOOD REASON...logging in as root is a BAD IDEA, and always will be.

You can stop the ssh service on your machine, and run "/usr/sbin/sshd -D -d" to get some details. Could be a permissions issue, but as others have asked (but you didn't answer), did you restart sshd after changing the permitrootlogin value???

TB0ne, thank you for the reply and yes I have restered the service as well as the server it self and by enabling I I have only got what is written in to the secure log with some additional information that was nice and I only pasted what I though would be relevant for diagnosing

I am sorry if I have not answered acknowledge of your valuable time on helping me, but I though I have. I have been with you and this network for a quite a while and I do deeply appreciate you and this network :) which has provided me with much wanted help at time I was dead stuck as well as in some lame question that I might have asked. Thank you all!!!!

As I have mentioned this is a test environment, and needed root level access to do some configuration and testing. But now it looks like there is some setting or some de or reconfiguration that we need to do to enable root level access from FC 20, Centos 7, redhat 7 and Oracle linux 7 (on the other hand all bistros are the same :) ). I've just got this installed needs to play with it and see if the same persist. But as per one of my colleague he has to set selinux to permissive for ssh as root to work. None of the good help did helped.

Thanks you and best Regards

You really should get used to working with security, instead of fighting it.

The problem you are opening up is allowing someone to brute force the root login...

And getting used going directly in as root defeats several things: auditing for one. You no longer know WHO logged in as root.

PAM is the framework that allows fine-grained control of the login process. It's configured in /etc/pam.d; the error message indicates you should look at auth clauses in the file /etc/pam.d/sshd.

Again, it doesn't matter if this is test or not...logging in as root is a PLAIN BAD IDEA, PERIOD. As jpollard, you need to get used to working WITH security, rather than fighting it. All you're going to wind up doing is making things harder for yourself later. The scripts/procedures you develop in your 'test' system will be written to AVOID security, and probably won't work correctly in a production environment.

Want root access? Simple...log in as your regular user, type in "su - " or "sudo -s", and there you go. Simple. Works the same on any system.

Thank you all for the replies appreciate all and sorry for the late reply! Guess I have to go with su -, but I really would like to know what stopping root from ssh in to a machine

Best Regards

design? Good security practices? Take your pick.

Ssh has options to enable it, and strongly recommends against doing so. But if the security design of the system disallows it, then that won't allow it either.

Thank you all for advice and help :)

Best Regards