Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
We need to know more.
What distro are you running, do you use PAM, how do you try to switch to root - 'sudo' or 'su'?
If 'sudo', then the user must be allowed to use sudo.
The distro is RHEL 6.x, running in a VMware environment. The VMware admin created this VM from a physical server with the VMware conversion tools.
I am using "su -" or "su - root" for user switching, not sudo; sudo is working very well.
I did not set up PAM. Actually, I just took over this machine from a hosting company, so the other company configured it with the current setup.
If you help me with PAM I will check it and return with more information.
You said:
"I could login with any user from network but could not switch to root user."
But now you say
"I am using "su -", "su - root" for user switching not sudo, sudo is working very well"
So which is it, can you switch to root once logged in or not?
Normally you don't allow root login over the network; always log in as a user and then switch to root.
I could log in from the network with a standard user and then tried to switch to the root user with "su -" or "su - root", but both of them fail.
I think it's clearer now.
Actually, I think if the sshd_config file has the following entry, "PermitRootLogin yes", I could log in with the root user from the network, but it's not working. I think there is another setting.
Quote:
I could log in from the network with a standard user and then tried to switch to the root user with "su -" or "su - root", but both of them fail.
This sounds like the root account is disabled, but you said in your first post that console login works? That is as root then?
Can you do 'sudo -i'?
Quote:
Actually, I think if the sshd_config file has the following entry, "PermitRootLogin yes", I could log in with the root user from the network, but it's not working. I think there is another setting.
Yes, there are other ways to control who is allowed to log in; PAM is one.
My very first suggestion is to *not* try to allow root login via ssh; it's a security issue.
But if you really want to do that:
* Check /etc/ssh/sshd_config for directives "DenyUsers" "AllowUsers" "UsePAM yes/no"
* If PAM is used, check /etc/pam.d/sshd
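An added example, not code from the thread, for the sshd_config check above: sshd honours only the first occurrence of a keyword (later duplicates are ignored, and anything after a Match line is conditional), so this script reports the effective global value of the directives mentioned. The sample config it reads is constructed for the demonstration, not the poster's file.

```shell
#!/bin/sh
# Report the effective value of an sshd_config keyword.
# sshd takes the FIRST occurrence of a keyword and ignores later ones,
# so "PermitRootLogin yes" appended at the bottom does nothing if an
# earlier "PermitRootLogin no" still exists. Keywords are case-insensitive
# and lines starting with '#' are comments.
effective_sshd_option() {
    # $1 = path to sshd_config, $2 = keyword (e.g. PermitRootLogin)
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments/blank lines
        tolower($1) == "match" { exit }                # global section ends at Match
        tolower($1) == key {                           # first match wins
            $1 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }
    ' "$1"
}

# Print the directives the thread asks about, flagging unset ones.
audit_sshd_config() {
    for k in PermitRootLogin UsePAM AllowUsers DenyUsers; do
        v=$(effective_sshd_option "$1" "$k")
        printf '%-16s %s\n' "$k" "${v:-(unset, sshd default applies)}"
    done
}

# Constructed sample config (hypothetical, not a real sshd_config).
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
# constructed sample
Protocol 2
permitrootlogin no
UsePAM yes
# a later duplicate that sshd silently ignores:
PermitRootLogin yes
AllowUsers admin ops
EOF

audit_sshd_config "$SAMPLE_CFG"
```

Run it against /etc/ssh/sshd_config on the real host to see which values sshd will actually apply after a restart.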
The root account is working, not disabled. I could log in with the root user from the VM console, like a standard console, and then I could work as root.
/etc/ssh/sshd_config does not have any DenyUsers or AllowUsers line, but I don't remember the UsePAM directive (I don't have a remote connection). So I will check the PAM issues tomorrow and then inform you.
...and it shouldn't take three or more responses to tell you that you should not do that. Ensure you can log in as an unprivileged user and then use sudo or su.
There was a "UsePAM yes" directive in the sshd_config file, so I modified it to "UsePAM no" and then restarted the sshd daemon. But no progress; I still could not log in with the root user through the network.
I pasted the sshd_config file into the following lines (removed the lines that start with #):
Many daemons do not monitor their config files, so to effect any changes from editing these files, if you do not stop and start the daemons manually then a reboot will do it for you.
As said elsewhere, there are security problems with using root remotely; seriously consider undoing what you have done and also hardening your system to allow root access ONLY via the console. It may be a pain but could save you from a lot more pain.
I have to say, I have enough HP-UX, Solaris, Linux and FreeBSD administration experience in production environments.
I have not had any bad issue like that.
I have configured many ssh daemons in many environments. I have not needed to reboot my server for any ssh configuration problem. According to my experience, if the UNIX OS kernel does not recommend a reboot, I don't need to reboot.
Stopping and starting the daemon must normally be enough. I am thinking it must be a bug/patch problem; the Linux distro is a slightly older release, and the customer insists on this release because of application-specific requirements.