[SOLVED] cannot login as root in console(tty1-tty6)...
I can log in as root in Gnome and over ssh, but not at the console.
In fact I can log in with any user in Gnome and over ssh, but not at the console.
By the console I'm referring to tty1-tty6.
When the login screen is shown I write the user and password, but then a message is quickly shown and erased (I can't see it) and the login screen is shown again.
I looked at the file /etc/security/access.conf, but all the entries are marked as comments.
I also looked the file /etc/securetty and this is the content:
Root logins should be restricted to the system console. This may be enforced in a file in /etc/security/. Pay attention to the PAM configurations and access.conf. What is wrong with logging in as a normal user and su'ing to root or using logged sudo commands?
Also, reconsider disabling selinux protection.
I have been a Windows administrator for 15 years and this is the first Linux server I have to install and administrate.
I chose CentOS because a friend of mine told me it was one of the best Linux distros for servers.
The default configuration in CentOS lets me log in as root in Gnome, ssh and the console (tty1-tty6); for this reason I thought it was a problem.
It seems that I will have to harden the security of the server.
Thank you for your help.
You may also wish to check out the LQ Wiki under networking since you're new to Linux serving. There's a lot of good information and while it does not pertain specifically to CentOS it is still useful to know. It can be applied to CentOS.
Run vimtutor in the terminal because knowing a terminal based text editor is essential. Run "man man" in the terminal to familiarize yourself with the man pages when you need to know the options of a command. Looking up a tutorial on the bash shell is also essential because piping commands and redirecting stdout/stderr is a very powerful thing (my LQ Blog lists some examples). As always LQ will be around to fill in the blanks.
Since you mentioned running sshd, I thought I would mention some things to consider to further secure it. Consider using pubkey authentication instead of Challenge Response authentication. The /etc/ssh/sshd_config file has instructions for setting this up in the comments:
Code:
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Disabling root logins, and adding "AllowUsers username ..." will further secure the sshd service.
You can use:
eval $(ssh-agent)
ssh-add
at your remote client to hold your private key's passphrase. This allows seemingly logging in without a passphrase. You can even put a shortcut on your screen that starts a graphical program remotely via ssh. I added this to an icon's Command line: ssh -X elite 'inkscape %F'. Clicking on the inkscape icon starts the program on my desktop, displaying it on my laptop. You could do the same thing with one of the system-config-* programs or log viewer programs, when the server is running in run level 3. Just insert `gnomesu' after the opening quote to run one of the system configuration programs remotely.
Script kiddies attacking the server will be trying username/password brute force attacks, and the "root" user is their main target. Using "AllowUsers" will also disallow system users not listed, which are also targets of script kiddies.
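As an added example (not part of any post in this thread), the following shell script audits an sshd_config for the settings recommended above: root login off, both password-style methods off so that PAM cannot bypass "PermitRootLogin without-password", and an AllowUsers list. The function names `effective` and `audit_sshd`, the two sample configs and the user names alice and bob are constructed for illustration.

```shell
# Added example: audit the global section of an sshd_config (not from the thread).
# Print the value sshd would use for keyword $1 in file $2. Keywords are
# case-insensitive and the first occurrence wins; parsing stops at the
# first Match block. Assumes whitespace-separated "Keyword value" lines.
effective() {
    awk -v k="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Return 0 only if the three settings are "no" and AllowUsers is set without root.
audit_sshd() {
    f=$1; rc=0
    for key in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
        got=$(effective "$key" "$f" | tr 'A-Z' 'a-z')
        if [ "$got" = no ]; then echo "OK    $key no"
        else echo "WARN  $key is '${got:-unset}', want 'no'"; rc=1; fi
    done
    users=$(effective AllowUsers "$f")
    case " $users " in
        "  ")                  echo "WARN  AllowUsers unset"; rc=1 ;;
        *" root "*|*" root@"*) echo "WARN  AllowUsers lists root"; rc=1 ;;
        *)                     echo "OK    AllowUsers $users" ;;
    esac
    return $rc
}

# Constructed sample configs (user names alice and bob are made up).
WEAK=$(mktemp); HARD=$(mktemp)
trap 'rm -f "$WEAK" "$HARD"' EXIT
cat > "$WEAK" <<'EOF'
# PermitRootLogin no   (commented out, so not in effect)
permitrootlogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePAM yes
EOF
cat > "$HARD" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers alice bob
PermitRootLogin yes
EOF
echo "== weak ==";     audit_sshd "$WEAK" || true
echo "== hardened =="; audit_sshd "$HARD" || true
```

On a real server, point `audit_sshd` at /etc/ssh/sshd_config; the trailing "PermitRootLogin yes" in the hardened sample is there to show that a later duplicate line does not override the first one.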