LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-29-2015, 03:00 AM   #1
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Rep: Reputation: 34
Unable to ssh as root


Hi all, I have installed Fedora 20 and I am unable login as root remotly using ssh. It gives an error as below "

Permission denied, please try again."

I have set the PermitRootLogin to yes, dropped the firewall and disabled selinux. Nothing seems to work



Thanks and Regards
 
Old 06-29-2015, 05:16 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,357

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
You do realise that's a really bad idea?
Anyway, assuming you insist on doing this, have you restarted the ssh daemon after the change?
 
Old 06-29-2015, 08:49 AM   #3
eklavya
Member
 
Registered: Mar 2013
Posts: 619

Rep: Reputation: 136Reputation: 136
If you still face problem, comment the line
Quote:
# PermitRootLogin yes
Restart ssh.
 
Old 06-29-2015, 10:53 AM   #4
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Original Poster
Rep: Reputation: 34
Hi Guys, thanks for the reply, and this is a test environment that I am setting up for some RND and I ran in to this totally screw up! even I tried even with sentos 7 same thing same settings. But my lap is running Fedora 20 and all I had to do was disable selinux and in one Oracle linux 7 installation it had to be permissive, with out setting any of the above settings in sshd_conf.

I cant put my fingure on this, it seems every time it is some what deterrent setting got the things going.


I am STUCK!!

Thanks and Regards
 
Old 06-29-2015, 02:46 PM   #5
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,090

Rep: Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474Reputation: 2474
Quote:
Hi all, I have installed Fedora 20
you should know by now that fedora only supports any one version for 13 months

the current is fedora 22
fedora 20 is END OF LIFE!!!
-- it will NEVER!!! receive any security fixes
--- DO NOT USE!!! ---

Please install Fedora 22 ASAP!!!

then see is ssh is working
 
Old 06-29-2015, 08:00 PM   #6
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,691

Rep: Reputation: 353Reputation: 353Reputation: 353Reputation: 353
Quote:
Originally Posted by procfs View Post
I am STUCK!!

Thanks and Regards
You might consider logging. ssh features several levels of verbosity both on the client and the server side.
The ssh client has options -v, -vv, -vvv, and so on (I don't know where it stops). Three v's are sufficient to give you a whole short story to analyse.
On the server side, you can run sshd with -v as well if I remember correctly. You can also run additional sshd processes on ports other than 22.
 
Old 06-30-2015, 05:39 AM   #7
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Original Poster
Rep: Reputation: 34
Hi I have upgraded OS to 22 and debugging gave me below info

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<veeam-server> user=root
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

it seems there is somekind of a restriction on the uid (least it looks like), how do I go about fixing this

Thanks and Regards

Last edited by procfs; 06-30-2015 at 06:13 AM.
 
Old 06-30-2015, 08:21 AM   #8
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,811

Rep: Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190
Quote:
Originally Posted by procfs View Post
Hi I have upgraded OS to 22 and debugging gave me below info

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<veeam-server> user=root
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"

it seems there is somekind of a restriction on the uid (least it looks like), how do I go about fixing this
Again, there is nothing to 'fix'...this is disabled FOR GOOD REASON...logging in as root is a BAD IDEA, and always will be.

You can stop the ssh service on your machine, and run "/usr/sbin/sshd -D -d" to get some details. Could be a permissions issue, but as others have asked (but you didn't answer), did you restart sshd after changing the permitrootlogin value???
 
Old 06-30-2015, 11:40 AM   #9
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Original Poster
Rep: Reputation: 34
TB0ne, thank you for the reply and yes I have restered the service as well as the server it self and by enabling I I have only got what is written in to the secure log with some additional information that was nice and I only pasted what I though would be relevant for diagnosing

I am sorry if I have not answered acknowledge of your valuable time on helping me, but I though I have. I have been with you and this network for a quite a while and I do deeply appreciate you and this network which has provided me with much wanted help at time I was dead stuck as well as in some lame question that I might have asked. Thank you all!!!!

As I have mentioned this is a test environment, and needed root level access to do some configuration and testing. But now it looks like there is some setting or some de or reconfiguration that we need to do to enable root level access from FC 20, Centos 7, redhat 7 and Oracle linux 7 (on the other hand all bistros are the same ). I've just got this installed needs to play with it and see if the same persist. But as per one of my colleague he has to set selinux to permissive for ssh as root to work. None of the good help did helped.

Thanks you and best Regards
 
Old 06-30-2015, 01:01 PM   #10
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,688

Rep: Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259
You really should get used to working with security, instead of fighting it.

The problem you are opening up is allowing someone to brute force the root login...

And getting used going directly in as root defeats several things: auditing for one. You no longer know WHO logged in as root.
 
Old 07-01-2015, 12:14 AM   #11
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,691

Rep: Reputation: 353Reputation: 353Reputation: 353Reputation: 353
Quote:
Originally Posted by procfs View Post
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<veeam-server> user=root
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
PAM is the framework that allows fine-grained control of the login process. It's configured in /etc/pam.d; the error message indicates you should look at auth clauses in the file /etc/pam.d/sshd.
 
Old 07-01-2015, 07:58 AM   #12
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,811

Rep: Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190Reputation: 4190
Quote:
Originally Posted by procfs View Post
As I have mentioned this is a test environment, and needed root level access to do some configuration and testing. But now it looks like there is some setting or some de or reconfiguration that we need to do to enable root level access from FC 20, Centos 7, redhat 7 and Oracle linux 7 (on the other hand all bistros are the same ). I've just got this installed needs to play with it and see if the same persist. But as per one of my colleague he has to set selinux to permissive for ssh as root to work. None of the good help did helped.
Again, it doesn't matter if this is test or not...logging in as root is a PLAIN BAD IDEA, PERIOD. As jpollard, you need to get used to working WITH security, rather than fighting it. All you're going to wind up doing is making things harder for yourself later. The scripts/procedures you develop in your 'test' system will be written to AVOID security, and probably won't work correctly in a production environment.

Want root access? Simple...log in as your regular user, type in "su - " or "sudo -s", and there you go. Simple. Works the same on any system.
 
Old 07-01-2015, 11:14 PM   #13
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Original Poster
Rep: Reputation: 34
Thank you all for the replies appreciate all and sorry for the late reply! Guess I have to go with su -, but I really would like to know what stopping root from ssh in to a machine

Best Regards
 
Old 07-02-2015, 04:37 AM   #14
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,688

Rep: Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259
design? Good security practices? Take your pick.

Ssh has options to enable it, and strongly recommends against doing so. But if the security design of the system disallows it, then that won't allow it either.
 
Old 07-02-2015, 10:43 AM   #15
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Original Poster
Rep: Reputation: 34
Thank you all for advice and help

Best Regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] opensuse13.1 unable to ssh in as root after reboot jzoudavy Linux - Newbie 6 08-21-2014 09:54 PM
ssh, unable to connect to a machine, with any account, other than root WetFroggy Slackware 11 02-02-2012 01:55 AM
[SOLVED] Unable to login as root through SSH satya123 Linux - Newbie 24 04-14-2011 12:54 AM
Fedora 10/unable to ssh out from box to remote host (SSH within LAN ok) huskeypm Linux - Networking 3 04-14-2009 07:37 PM
Unable to us SU to root when logged in via SSH CaptainReboot Linux - Server 5 12-29-2007 05:36 AM


All times are GMT -5. The time now is 04:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration